X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;ds=sidebyside;f=scripts%2Fcni%2Fcalico%2Frbac.yaml;fp=scripts%2Fcni%2Fcalico%2Frbac.yaml;h=e4632af5f6213fba15b1015a314b9b3e546893d0;hb=5f9280af0b3e74fb69f8124984daad4ab953ed1c;hp=0000000000000000000000000000000000000000;hpb=f4ee719d1a67a0cf73d310ae4ed7bc21a92cb4ad;p=eliot.git diff --git a/scripts/cni/calico/rbac.yaml b/scripts/cni/calico/rbac.yaml new file mode 100644 index 0000000..e4632af --- /dev/null +++ b/scripts/cni/calico/rbac.yaml @@ -0,0 +1,92 @@ +# Calico Version v3.3.4 +# https://docs.projectcalico.org/v3.3/releases#v3.3.4 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: calico-node +rules: + - apiGroups: [""] + resources: + - namespaces + - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + - apiGroups: [""] + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: [""] + resources: + - services + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + verbs: + - get + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - update + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - clusterinformations + - hostendpoints + verbs: + - create + - get + - list + - update + - watch +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: + - kind: ServiceAccount + name: calico-node + namespace: kube-system