Added seed code for caas-security.
1 ---
2 # Copyright 2019 Nokia
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #     http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15
# ServiceAccount for the metrics API server in kube-system. Every RoleBinding
# and ClusterRoleBinding in this file names it as the only subject, so the
# permissions granted here apply to any pod that runs under this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: metrics-apiserver
---
# Namespaced binding (kube-system only) of the metrics-apiserver
# ServiceAccount to the extension-apiserver-authentication-reader Role.
# The Role is not defined in this file; on a standard cluster it is the
# built-in role that allows reading the extension-apiserver-authentication
# ConfigMap -- confirm against the target cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: kube-system
  name: caas:metrics-server:extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  namespace: kube-system
  name: metrics-apiserver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
---
# Cluster-wide, read-only role: only get/list/watch are granted, no write
# verbs. It covers pods, nodes, the nodes/stats subresource and namespaces
# in the core API group, plus Deployments in the "extensions" group.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: caas:metrics-server
rules:
# Core ("") API group.
- apiGroups: [""]
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  verbs: [get, list, watch]
# NOTE(review): Deployments are no longer served from the "extensions" group
# on Kubernetes 1.16 and later (they live in "apps"); confirm this rule is
# still needed before carrying it forward.
- apiGroups: [extensions]
  resources:
  - deployments
  verbs: [get, list, watch]
---
# Grants the caas:metrics-server ClusterRole (defined earlier in this file)
# to the metrics-apiserver ServiceAccount. Being a ClusterRoleBinding, the
# role's read access applies in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: caas:metrics-server
subjects:
- kind: ServiceAccount
  namespace: kube-system
  name: metrics-apiserver
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: caas:metrics-server
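---
# Binds the metrics-apiserver ServiceAccount to the system:auth-delegator
# ClusterRole. That role is not defined in this file; on a standard cluster
# it is the built-in role that lets an extension API server ask the
# kube-apiserver to perform token and access reviews on its behalf.
# The grant is cluster-wide, so keep this ServiceAccount dedicated to the
# metrics API server.
#
# apiVersion is rbac.authorization.k8s.io/v1, matching every other RBAC
# object in this file; the v1beta1 RBAC API this binding originally used was
# removed in Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: caas:metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-apiserver
  namespace: kube-system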
---
# Binds the metrics-apiserver ServiceAccount to the caas:infra-psp
# ClusterRole. That role is defined outside this file; presumably it grants
# `use` on an infrastructure PodSecurityPolicy -- confirm against its
# definition.
# NOTE(review): the only subject is a kube-system ServiceAccount, so a
# namespaced RoleBinding in kube-system would likely be sufficient and
# narrower than this cluster-wide binding -- verify before changing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: caas:metrics-apiserver-psp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: caas:infra-psp
subjects:
- kind: ServiceAccount
  namespace: kube-system
  name: metrics-apiserver