k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/kube-network-policies/kube-network-policies-rbac.yaml

k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/kube-network-policies/kube-network-policies-rbac.yaml (about)

     1  kind: ClusterRole
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  metadata:
     4    name: system:network-policies
     5    namespace: kube-system
     6    labels:
     7      addonmanager.kubernetes.io/mode: Reconcile
     8  rules:
     9    - apiGroups: [""]
    10      resources:
    11        - pods
    12        - nodes
    13        - namespaces
    14      verbs:
    15        - get
    16        - watch
    17        - list
    18    # Watch for changes to Kubernetes NetworkPolicies.
    19    - apiGroups: ["networking.k8s.io"]
    20      resources:
    21        - networkpolicies
    22      verbs:
    23        - watch
    24        - list
    25  ---
    26  kind: ClusterRoleBinding
    27  apiVersion: rbac.authorization.k8s.io/v1
    28  metadata:
    29    name: kube-network-policies
    30    labels:
    31      addonmanager.kubernetes.io/mode: Reconcile
    32  roleRef:
    33    apiGroup: rbac.authorization.k8s.io
    34    kind: ClusterRole
    35    name: system:network-policies
    36  subjects:
    37  - kind: ServiceAccount
    38    name: kube-network-policies
    39    namespace: kube-system
    40  ---
    41  apiVersion: v1
    42  kind: ServiceAccount
    43  metadata:
    44    name: kube-network-policies
    45    namespace: kube-system
    46    labels:
    47      k8s-app: kube-network-policies
    48      kubernetes.io/cluster-service: "true"
    49      addonmanager.kubernetes.io/mode: Reconcile