forked from intel/CPU-Manager-for-Kubernetes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcmk-rbac-rules.yaml
128 lines (128 loc) · 3.05 KB
/
cmk-rbac-rules.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cmk-third-party-resource-controller
rules:
- apiGroups: ["cmk.intel.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["thirdpartyresources", "thirdpartyresources.extensions"]
verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cmk-custom-resource-definition-controller
rules:
- apiGroups: ["intel.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions", "customresourcedefinitions.extensions"]
verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cmk-daemonset-controller
rules:
- apiGroups: ["extensions"]
resources: ["daemonsets", "daemonsets.extensions"]
verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cmk-version-controller
rules:
- nonResourceURLs: ["*"]
verbs:
- get
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cmk-webhook-installer
rules:
- apiGroups: ["", "apps", "extensions", "admissionregistration.k8s.io"]
resources: ["secrets", "configmaps", "deployments", "services", "mutatingwebhookconfigurations"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-daemonset
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cmk-daemonset-controller
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-tpr
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cmk-third-party-resource-controller
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-crd
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cmk-custom-resource-definition-controller
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-version
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cmk-version-controller
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cmk-role-binding-webhook-installer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cmk-webhook-installer
subjects:
- kind: ServiceAccount
name: cmk-serviceaccount
namespace: default