github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/deployment/sriov-network-operator/templates/clusterrole.yaml (about) 1 apiVersion: rbac.authorization.k8s.io/v1 2 kind: ClusterRole 3 metadata: 4 name: {{ include "sriov-network-operator.fullname" . }} 5 labels: 6 {{- include "sriov-network-operator.labels" . | nindent 4 }} 7 rules: 8 - apiGroups: [""] 9 resources: ["nodes"] 10 verbs: ["get", "list", "watch", "patch", "update"] 11 - apiGroups: [""] 12 resources: ["pods"] 13 verbs: ["*"] 14 - apiGroups: [""] 15 resources: ["pods/eviction"] 16 verbs: ["create"] 17 - apiGroups: ["apps"] 18 resources: ["daemonsets"] 19 verbs: ["get"] 20 - apiGroups: [""] 21 resources: ["namespaces", "serviceaccounts"] 22 verbs: ["*"] 23 - apiGroups: ["k8s.cni.cncf.io"] 24 resources: ["network-attachment-definitions"] 25 verbs: ["*"] 26 - apiGroups: ["rbac.authorization.k8s.io"] 27 resources: [clusterroles, clusterrolebindings] 28 verbs: ["*"] 29 - apiGroups: ["admissionregistration.k8s.io"] 30 resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] 31 verbs: ["*"] 32 - apiGroups: ["sriovnetwork.openshift.io"] 33 resources: ["*"] 34 verbs: ["*"] 35 - apiGroups: ["machineconfiguration.openshift.io"] 36 resources: ["*"] 37 verbs: ["*"] 38 - apiGroups: ["config.openshift.io"] 39 resources: ["infrastructures"] 40 verbs: ["get", "list", "watch"] 41 --- 42 apiVersion: rbac.authorization.k8s.io/v1 43 kind: ClusterRole 44 metadata: 45 name: sriov-network-config-daemon 46 labels: 47 {{- include "sriov-network-operator.labels" . | nindent 4 }} 48 rules: 49 - apiGroups: [""] 50 resources: ["nodes"] 51 verbs: ["get", "list", "watch", "patch", "update"] 52 - apiGroups: [""] 53 resources: ["pods"] 54 verbs: ["*"] 55 - apiGroups: ["apps"] 56 resources: ["daemonsets"] 57 verbs: ["get"] 58 - apiGroups: [ "config.openshift.io" ] 59 resources: [ "infrastructures" ] 60 verbs: [ "get", "list", "watch" ]