github.com/fafucoder/cilium@v1.6.11/install/kubernetes/cilium/charts/operator/templates/clusterrole.yaml

github.com/fafucoder/cilium@v1.6.11/install/kubernetes/cilium/charts/operator/templates/clusterrole.yaml (about)

     1  apiVersion: rbac.authorization.k8s.io/v1
     2  kind: ClusterRole
     3  metadata:
     4    name: cilium-operator
     5  rules:
     6  - apiGroups:
     7    - ""
     8    resources:
     9    # to automatically delete [core|kube]dns pods so that are starting to being
    10    # managed by Cilium
    11    - pods
    12    verbs:
    13    - get
    14    - list
    15    - watch
    16    - delete
    17  - apiGroups:
    18    - ""
    19    resources:
    20    # to automatically read from k8s and import the node's pod CIDR to cilium's
    21    # etcd so all nodes know how to reach another pod running in in a different
    22    # node.
    23    - nodes
    24    # to perform the translation of a CNP that contains `ToGroup` to its endpoints
    25    - services
    26    - endpoints
    27    # to check apiserver connectivity
    28    - namespaces
    29    verbs:
    30    - get
    31    - list
    32    - watch
    33  - apiGroups:
    34    - cilium.io
    35    resources:
    36    - ciliumnetworkpolicies
    37    - ciliumnetworkpolicies/status
    38    - ciliumendpoints
    39    - ciliumendpoints/status
    40    - ciliumnodes
    41    - ciliumnodes/status
    42    - ciliumidentities
    43    - ciliumidentities/status
    44    verbs:
    45    - '*'