X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=blueprints%2FuCPE%2Fcni%2Fcalico%2Frbac.yaml;fp=blueprints%2FuCPE%2Fcni%2Fcalico%2Frbac.yaml;h=e4632af5f6213fba15b1015a314b9b3e546893d0;hb=d63c1f66c2bbff6cd07ac5708f9939455b498b6a;hp=0000000000000000000000000000000000000000;hpb=a25e2c6b61cefe449f53a81e1a9f0b39a0a6208c;p=eliot.git diff --git a/blueprints/uCPE/cni/calico/rbac.yaml b/blueprints/uCPE/cni/calico/rbac.yaml new file mode 100644 index 0000000..e4632af --- /dev/null +++ b/blueprints/uCPE/cni/calico/rbac.yaml @@ -0,0 +1,92 @@ +# Calico Version v3.3.4 +# https://docs.projectcalico.org/v3.3/releases#v3.3.4 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: calico-node +rules: + - apiGroups: [""] + resources: + - namespaces + - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: [""] + resources: + - pods/status + verbs: + - patch + - apiGroups: [""] + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: [""] + resources: + - services + verbs: + - get + - apiGroups: [""] + resources: + - endpoints + verbs: + - get + - apiGroups: [""] + resources: + - nodes + verbs: + - get + - list + - update + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - get + - list + - watch + - apiGroups: ["networking.k8s.io"] + resources: + - networkpolicies + verbs: + - watch + - list + - apiGroups: ["crd.projectcalico.org"] + resources: + - globalfelixconfigs + - felixconfigurations + - bgppeers + - globalbgpconfigs + - bgpconfigurations + - ippools + - globalnetworkpolicies + - globalnetworksets + - networkpolicies + - clusterinformations + - hostendpoints + verbs: + - create + - get + - list + - update + - watch +--- + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: calico-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: calico-node +subjects: + - kind: ServiceAccount + name: calico-node + namespace: kube-system