a3e6896a43
Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
80 lines
1.3 KiB
Django/Jinja
80 lines
1.3 KiB
Django/Jinja
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
metadata:
|
|
name: calico
|
|
namespace: {{ system_namespace }}
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups: [""]
|
|
resources:
|
|
- pods/status
|
|
verbs:
|
|
- update
|
|
- apiGroups: [""]
|
|
resources:
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups: [""]
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- update
|
|
- watch
|
|
- apiGroups: ["extensions"]
|
|
resources:
|
|
- thirdpartyresources
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups: ["extensions"]
|
|
resources:
|
|
- networkpolicies
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups: ["projectcalico.org"]
|
|
resources:
|
|
- globalbgppeers
|
|
verbs:
|
|
- get
|
|
- list
|
|
- apiGroups: ["projectcalico.org"]
|
|
resources:
|
|
- globalconfigs
|
|
- globalbgpconfigs
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- update
|
|
- watch
|
|
- apiGroups: ["projectcalico.org"]
|
|
resources:
|
|
- ippools
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- update
|
|
- watch
|
|
- apiGroups: ["alpha.projectcalico.org"]
|
|
resources:
|
|
- systemnetworkpolicies
|
|
verbs:
|
|
- get
|
|
- list
|