k3s/manifests/ccm.yaml

118 lines
1.9 KiB
YAML
Raw Normal View History

2019-10-15 21:17:26 +00:00
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k3s-cloud-controller-manager
2019-10-15 21:17:26 +00:00
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
2019-10-15 21:17:26 +00:00
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- "*"
2019-10-15 21:17:26 +00:00
- apiGroups:
- ""
resources:
- nodes/status
- services/status
2019-10-15 21:17:26 +00:00
verbs:
- patch
- apiGroups:
- ""
resources:
- services
- pods
2019-10-15 21:17:26 +00:00
verbs:
- get
2019-10-15 21:17:26 +00:00
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- patch
- update
2019-10-15 21:17:26 +00:00
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- apiGroups:
- ""
resources:
- namespaces
2019-10-15 21:17:26 +00:00
verbs:
- create
2019-10-15 21:17:26 +00:00
- get
- apiGroups:
- apps
2019-10-15 21:17:26 +00:00
resources:
- daemonsets
2019-10-15 21:17:26 +00:00
verbs:
- "*"
- apiGroups:
- "discovery.k8s.io"
resources:
- endpointslices
verbs:
- get
- list
- watch
2019-10-15 21:17:26 +00:00
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k3s-cloud-controller-manager
2019-10-15 21:17:26 +00:00
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k3s-cloud-controller-manager
2019-10-15 21:17:26 +00:00
subjects:
- kind: User
name: k3s-cloud-controller-manager
2019-10-15 21:17:26 +00:00
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k3s-cloud-controller-manager-auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: User
name: k3s-cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: k3s-cloud-controller-manager-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: User
name: k3s-cloud-controller-manager
namespace: kube-system