github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/operator-webhook/002-rbac.yaml

github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/operator-webhook/002-rbac.yaml (about)

     1  ---
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    namespace: {{.Namespace}}
     6    name: operator-webhook-sa
     7  ---
     8  apiVersion: rbac.authorization.k8s.io/v1
     9  kind: ClusterRole
    10  metadata:
    11    name: operator-webhook
    12  rules:
    13  - apiGroups: [""]
    14    resources: ["nodes"]
    15    verbs: ["get", "list", "watch"]
    16  - apiGroups:
    17    - certificates.k8s.io
    18    resources:
    19    - certificatesigningrequests
    20    - certificatesigningrequests/approval
    21    verbs:
    22    - '*'
    23  - apiGroups:
    24    - ""
    25    resources:
    26    - secrets
    27    verbs:
    28    - '*'
    29  - apiGroups:
    30      - ""
    31    resources:
    32      - configmaps
    33    verbs:
    34      - get
    35      - update
    36  - apiGroups:
    37    - admissionregistration.k8s.io
    38    resources:
    39    - mutatingwebhookconfigurations
    40    - validatingwebhookconfigurations
    41    verbs:
    42    - '*'
    43  - apiGroups:
    44    - ""
    45    resources:
    46    - services
    47    verbs:
    48    - '*'
    49  - apiGroups:
    50    - "sriovnetwork.openshift.io"
    51    resources:
    52    - "*"
    53    verbs:
    54    - "*"
    55  ---
    56  apiVersion: rbac.authorization.k8s.io/v1
    57  kind: ClusterRoleBinding
    58  metadata:
    59    name: operator-webhook-role-binding
    60  roleRef:
    61    apiGroup: rbac.authorization.k8s.io
    62    kind: ClusterRole
    63    name: operator-webhook
    64  subjects:
    65  - kind: ServiceAccount
    66    name: operator-webhook-sa
    67    namespace: {{.Namespace}}