rbac_manifests/flannel-rbac-config.yml

   1 ---
   2 # Copyright 2019 Nokia
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: v1
  17 kind: ServiceAccount
  18 metadata:
  19   name: flannel
  20   namespace: kube-system
  21 ---
  22 kind: ClusterRole
  23 apiVersion: rbac.authorization.k8s.io/v1beta1
  24 metadata:
  25   name: caas:flannel
  26 rules:
  27   - apiGroups:
  28       - ""
  29     resources:
  30       - pods
  31     verbs:
  32       - get
  33   - apiGroups:
  34       - ""
  35     resources:
  36       - nodes
  37     verbs:
  38       - list
  39       - watch
  40   - apiGroups:
  41       - ""
  42     resources:
  43       - nodes/status
  44     verbs:
  45       - patch
  46 ---
  47 kind: ClusterRoleBinding
  48 apiVersion: rbac.authorization.k8s.io/v1beta1
  49 metadata:
  50   name: caas:flannel
  51 roleRef:
  52   apiGroup: rbac.authorization.k8s.io
  53   kind: ClusterRole
  54   name: caas:flannel
  55 subjects:
  56   - kind: ServiceAccount
  57     name: flannel
  58     namespace: kube-system
  59 ---
  60 apiVersion: rbac.authorization.k8s.io/v1
  61 kind: ClusterRoleBinding
  62 metadata:
  63   name: caas:flannel-psp
  64 subjects:
  65 - kind: ServiceAccount
  66   name: flannel
  67   namespace: kube-system
  68 roleRef:
  69   kind: ClusterRole
  70   name: caas:infra-psp
  71   apiGroup: rbac.authorization.k8s.io