kubeasz/roles/calico/templates/calico-rbac.yaml.j2

# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-kube-controllers
rules:
  - apiGroups:
    - ""
    - extensions
    resources:
      - pods
      - namespaces
      - networkpolicies
      - nodes
    verbs:
      - watch
      - list
  - apiGroups:
    - networking.k8s.io
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-kube-controllers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-kube-controllers
subjects:
- kind: ServiceAccount
  name: calico-kube-controllers
  namespace: kube-system

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-node
rules:
  - apiGroups: [""]
    resources:
      - pods
      - nodes
    verbs:
      - get

---

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
- kind: ServiceAccount
  name: calico-node
  namespace: kube-system
update calico v3.1.3 2018-08-11 15:26:44 +08:00			`# Calico Version v3.1.3`
			`# https://docs.projectcalico.org/v3.1/releases#v3.1.3`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00
			`---`

			`kind: ClusterRole`
update calico v3.1.3 2018-08-11 15:26:44 +08:00			`apiVersion: rbac.authorization.k8s.io/v1beta1`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00			`metadata:`
			`name: calico-kube-controllers`
			`rules:`
			`- apiGroups:`
			`- ""`
			`- extensions`
			`resources:`
			`- pods`
			`- namespaces`
			`- networkpolicies`
			`- nodes`
			`verbs:`
			`- watch`
			`- list`
update calico v3.1.3 2018-08-11 15:26:44 +08:00			`- apiGroups:`
			`- networking.k8s.io`
			`resources:`
			`- networkpolicies`
			`verbs:`
			`- watch`
			`- list`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00			`---`
			`kind: ClusterRoleBinding`
update calico v3.1.3 2018-08-11 15:26:44 +08:00			`apiVersion: rbac.authorization.k8s.io/v1beta1`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00			`metadata:`
			`name: calico-kube-controllers`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: calico-kube-controllers`
			`subjects:`
			`- kind: ServiceAccount`
			`name: calico-kube-controllers`
			`namespace: kube-system`

			`---`

			`kind: ClusterRole`
update calico v3.1.3 2018-08-11 15:26:44 +08:00			`apiVersion: rbac.authorization.k8s.io/v1beta1`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00			`metadata:`
			`name: calico-node`
			`rules:`
			`- apiGroups: [""]`
			`resources:`
			`- pods`
			`- nodes`
			`verbs:`
			`- get`

			`---`

update calico v3.1.3 2018-08-11 15:26:44 +08:00			`apiVersion: rbac.authorization.k8s.io/v1beta1`
DaemonSet Calico 网络插件 2018-01-04 22:00:34 +08:00			`kind: ClusterRoleBinding`
			`metadata:`
			`name: calico-node`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: calico-node`
			`subjects:`
			`- kind: ServiceAccount`
			`name: calico-node`
			`namespace: kube-system`