Added seed code for caas-security.
[ta/caas-security.git] / rbac_manifests / cpudp-rbac-config.yml
---
# Copyright 2019 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ServiceAccount cpu-device-plugin in kube-system. Both ClusterRoleBindings in
# this file name it as their only subject, so every permission granted here
# is carried by any pod that runs under this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: cpu-device-plugin
---
# Read-only ClusterRole: get and list on pods and nodes in the core ("") API
# group. No watch verb and no write verbs are granted.
# NOTE(review): when bound through a ClusterRoleBinding (as this file does),
# the pods rule applies to every namespace, so the holder can read all pod
# specs, including env values set inline. RBAC cannot narrow list to a single
# node; confirm the plugin really needs cluster-wide pod reads.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: 'caas:cpu-device-plugin'
rules:
# Pods in the core API group: read only.
- apiGroups: [""]
  resources: [pods]
  verbs: [get, list]
# Nodes in the core API group: read only.
- apiGroups: [""]
  resources: [nodes]
  verbs: [get, list]
---
# Binds the caas:cpu-device-plugin ClusterRole, cluster-wide, to the single
# ServiceAccount kube-system/cpu-device-plugin.
# roleRef cannot be edited on an existing binding; changing the referenced
# role means deleting and recreating this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: 'caas:cpu-device-plugin'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: 'caas:cpu-device-plugin'
subjects:
# Exactly one subject: no users and no groups are bound.
- kind: ServiceAccount
  namespace: kube-system
  name: cpu-device-plugin
---
# Binds the ClusterRole caas:infra-psp to kube-system/cpu-device-plugin.
# caas:infra-psp is not defined in this file, so what it grants has to be
# reviewed wherever it is declared.
# NOTE(review): presumably that role grants `use` on a PodSecurityPolicy; if
# so, the privileges of the plugin's pods are set by that policy, not here.
# NOTE(review): the only subject lives in kube-system, so a namespaced
# RoleBinding there would presumably be enough for PSP admission. Confirm
# before narrowing.
# NOTE(review): PodSecurityPolicy was removed in Kubernetes 1.25; on newer
# clusters a PSP binding like this no longer constrains pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: 'caas:cpu-device-plugin-psp'
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: 'caas:infra-psp'
subjects:
# Exactly one subject: no users and no groups are bound.
- kind: ServiceAccount
  namespace: kube-system
  name: cpu-device-plugin