kubespray/roles/network_plugin/cilium/templates/cilium-cr.yml.j2

63 lines
871 B
Django/Jinja

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: cilium
rules:
- apiGroups:
- "networking.k8s.io"
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
- services
- nodes
- endpoints
- componentstatuses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- update
- apiGroups:
- extensions
resources:
- networkpolicies #FIXME remove this when we drop support for k8s NP-beta GH-1202
- thirdpartyresources
- ingresses
verbs:
- create
- get
- list
- watch
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- create
- get
- list
- watch
- apiGroups:
- cilium.io
resources:
- ciliumnetworkpolicies
verbs:
- "*"