You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

88 lines
1.4 KiB

  1. ---
  2. kind: ClusterRole
  3. apiVersion: rbac.authorization.k8s.io/v1beta1
  4. metadata:
  5. name: calico
  6. namespace: kube-system
  7. rules:
  8. - apiGroups: [""]
  9. resources:
  10. - namespaces
  11. verbs:
  12. - get
  13. - list
  14. - watch
  15. - apiGroups: [""]
  16. resources:
  17. - pods/status
  18. verbs:
  19. - update
  20. - apiGroups: [""]
  21. resources:
  22. - pods
  23. verbs:
  24. - get
  25. - list
  26. - watch
  27. - apiGroups: [""]
  28. resources:
  29. - nodes
  30. verbs:
  31. - get
  32. - list
  33. - update
  34. - watch
  35. - apiGroups: ["extensions"]
  36. resources:
  37. - thirdpartyresources
  38. verbs:
  39. - create
  40. - get
  41. - list
  42. - watch
  43. - apiGroups: ["extensions"]
  44. resources:
  45. - networkpolicies
  46. verbs:
  47. - get
  48. - list
  49. - watch
  50. - apiGroups: ["projectcalico.org"]
  51. resources:
  52. - globalbgppeers
  53. verbs:
  54. - get
  55. - list
  56. - apiGroups: ["projectcalico.org"]
  57. resources:
  58. - globalconfigs
  59. - globalbgpconfigs
  60. verbs:
  61. - create
  62. - get
  63. - list
  64. - update
  65. - watch
  66. - apiGroups: ["projectcalico.org"]
  67. resources:
  68. - ippools
  69. verbs:
  70. - create
  71. - get
  72. - list
  73. - update
  74. - watch
  75. - apiGroups: ["alpha.projectcalico.org"]
  76. resources:
  77. - systemnetworkpolicies
  78. verbs:
  79. - get
  80. - list
  81. - apiGroups:
  82. - policy
  83. resourceNames:
  84. - privileged
  85. resources:
  86. - podsecuritypolicies
  87. verbs:
  88. - use