c12s-kubespray/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2
Aleksey Kasatkin 14749df6f3 Fix "netchecker-server" ClusterRole (#4730)
* Add sha256 hashes for calicoctl v3.6.1

Hashes are added to calicoctl_binary_checksums for both adm and arm platforms.

* Add rules for "network-checker.ext" resource to "netchecker-server" ClusterRole

So that it could access the resource after it is created.

Corresponding issues:
https://github.com/Mirantis/k8s-netchecker-server/issues/125
https://github.com/kubernetes-sigs/kubespray/issues/3281
2019-05-09 01:30:49 -07:00

15 lines
393 B
Django/Jinja

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: netchecker-server
namespace: {{ netcheck_namespace }}
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ['*']
- apiGroups: ["network-checker.ext"]
resources: ["agents"]
verbs: ['*']