github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/webhook/002-rbac.yaml

github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/webhook/002-rbac.yaml (about)

     1  ---
     2  apiVersion: v1
     3  kind: ServiceAccount
     4  metadata:
     5    namespace: {{.Namespace}}
     6    name: network-resources-injector-sa
     7  ---
     8  apiVersion: rbac.authorization.k8s.io/v1
     9  kind: ClusterRole
    10  metadata:
    11    name: network-resources-injector
    12  rules:
    13  - apiGroups:
    14    - ""
    15    - k8s.cni.cncf.io
    16    - extensions
    17    - apps
    18    resources:
    19    - pods
    20    - network-attachment-definitions
    21    - replicationcontrollers
    22    - replicasets
    23    - daemonsets
    24    - statefulsets
    25    - configmaps
    26    verbs:
    27    - '*'
    28  - apiGroups:
    29    - certificates.k8s.io
    30    resources:
    31    - certificatesigningrequests
    32    - certificatesigningrequests/approval
    33    verbs:
    34    - '*'
    35  - apiGroups:
    36    - ""
    37    resources:
    38    - secrets
    39    verbs:
    40    - '*'
    41  - apiGroups:
    42    - admissionregistration.k8s.io
    43    resources:
    44    - mutatingwebhookconfigurations
    45    - validatingwebhookconfigurations
    46    verbs:
    47    - '*'
    48  - apiGroups:
    49    - ""
    50    resources:
    51    - services
    52    verbs:
    53    - '*'
    54  ---
    55  apiVersion: rbac.authorization.k8s.io/v1
    56  kind: ClusterRoleBinding
    57  metadata:
    58    name: network-resources-injector-role-binding
    59  roleRef:
    60    apiGroup: rbac.authorization.k8s.io
    61    kind: ClusterRole
    62    name: network-resources-injector
    63  subjects:
    64  - kind: ServiceAccount
    65    name: network-resources-injector-sa
    66    namespace: {{.Namespace}}