kubespray/roles/network_plugin/cilium/templates/cilium-crb.yml.j2

32 lines
680 B
Django/Jinja

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cilium-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cilium-operator
subjects:
- kind: ServiceAccount
name: cilium-operator
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cilium
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cilium
subjects:
- kind: ServiceAccount
name: cilium
namespace: kube-system
{% if cilium_version | regex_replace('v') is version('1.9', '<') %}
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:nodes
{% endif %}