X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fcalico%2Frbac.yaml;fp=src%2Ffoundation%2Fscripts%2Fcni%2Fcalico%2Frbac.yaml;h=95115c724ef99df8e33c4754e7b0eca5a6fa0adc;hb=38539411e0db414bd281be6313e080cbff7bab13;hp=0000000000000000000000000000000000000000;hpb=213fe20e6996b570081a86926ceafe4240ca983f;p=iec.git

diff --git a/src/foundation/scripts/cni/calico/rbac.yaml b/src/foundation/scripts/cni/calico/rbac.yaml
new file mode 100644
index 0000000..95115c7
--- /dev/null
+++ b/src/foundation/scripts/cni/calico/rbac.yaml
@@ -0,0 +1,77 @@
+# Calico Version v3.3.2
+# https://docs.projectcalico.org/v3.3/releases#v3.3.2
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-kube-controllers
+rules:
+  - apiGroups:
+    - ""
+    - extensions
+    resources:
+      - pods
+      - namespaces
+      - networkpolicies
+      - nodes
+      - serviceaccounts
+    verbs:
+      - watch
+      - list
+  - apiGroups:
+    - networking.k8s.io
+    resources:
+      - networkpolicies
+    verbs:
+      - watch
+      - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-kube-controllers
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: calico-kube-controllers
+subjects:
+- kind: ServiceAccount
+  name: calico-kube-controllers
+  namespace: kube-system
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: calico-node
+rules:
+  - apiGroups: [""]
+    resources:
+      - pods
+      - nodes
+      - namespaces
+    verbs:
+      - get
+  - apiGroups: [""]
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: calico-node
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: calico-node
+subjects:
+- kind: ServiceAccount
+  name: calico-node
+  namespace: kube-system