X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fdanm%2Fintegration%2Fmanifests%2Fsvcwatcher%2F0svcwatcher_rbac.yaml;fp=src%2Ffoundation%2Fscripts%2Fcni%2Fdanm%2Fintegration%2Fmanifests%2Fsvcwatcher%2F0svcwatcher_rbac.yaml;h=bb2ea02329e3fb4229f936c4d18dc5815e8d565f;hb=92fa5a0e85848c61ac4fffc7bda774a01687c2ba;hp=0000000000000000000000000000000000000000;hpb=bcd84b3f9eea3c59d857cf2889fc943ebbe26443;p=iec.git

diff --git a/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml
new file mode 100644
index 0000000..bb2ea02
--- /dev/null
+++ b/src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml
@@ -0,0 +1,65 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: svcwatcher
+  namespace: kube-system
+  labels:
+      kubernetes.io/cluster-service: "true"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:svcwatcher
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - list
+  - watch
+  - get
+  - update
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - pods
+  verbs:
+  - list
+  - watch
+  - get
+- apiGroups:
+  - "danm.k8s.io"
+  resources:
+  - danmeps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:svcwatcher
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:svcwatcher
+subjects:
+- kind: ServiceAccount
+  namespace: kube-system
+  name: svcwatcher