31 lines
583 B
Plaintext
31 lines
583 B
Plaintext
|
kind: ClusterRole
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
metadata:
|
||
|
|
name: canal
|
||
|
|
rules:
|
||
|
|
# Used for creating service account tokens to be used by the CNI plugin
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources:
|
||
|
|
- serviceaccounts/token
|
||
|
|
verbs:
|
||
|
|
- create
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources:
|
||
|
|
- pods
|
||
|
|
- nodes
|
||
|
|
- namespaces
|
||
|
|
verbs:
|
||
|
|
- get
|
||
|
|
# Pod CIDR auto-detection on kubeadm needs access to config maps.
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources:
|
||
|
|
- configmaps
|
||
|
|
verbs:
|
||
|
|
- get
|
||
|
|
- apiGroups:
|
||
|
|
- ""
|
||
|
|
resources:
|
||
|
|
- nodes
|
||
|
|
verbs:
|
||
|
|
- list
|