kubespray/roles/network_plugin/canal/templates/canal-cr-calico.yml.j2

44 lines
684 B
Plaintext
Raw Normal View History

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico
namespace: kube-system
rules:
- apiGroups: [""]
resources:
- pods
- nodes
2020-05-04 23:56:26 +08:00
- namespaces
- configmaps
verbs:
- get
2020-05-04 23:56:26 +08:00
- apiGroups: [""]
resources:
2020-05-04 23:56:26 +08:00
- endpoints
- services
verbs:
- watch
- list
2020-05-04 23:56:26 +08:00
- apiGroups: [""]
resources:
2020-05-04 23:56:26 +08:00
- nodes/status
verbs:
2020-05-04 23:56:26 +08:00
- patch
- apiGroups:
- policy
resourceNames:
- privileged
resources:
2020-05-04 23:56:26 +08:00
- podsecuritypolicies
verbs:
2020-05-04 23:56:26 +08:00
- use
- apiGroups:
- policy
resourceNames:
- privileged
resources:
- podsecuritypolicies
verbs:
- use