diff options
| author |   Todd Malsbary <todd.malsbary@intel.com> | 2021-03-12 13:48:25 -0800 |
|---|---|---|
| committer | Todd Malsbary <todd.malsbary@intel.com> | 2021-05-04 13:02:48 -0700 |
| commit | 61fda160a7ba656f73a0a89cca4d3f5fd8e575d4 (patch) | |
| tree | 40fb6d319ece6a68d46427966401d98fadeee80e /kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml | |
| parent | c7cc63c3e76d5739c67314008b01f6fe70289641 (diff) | |
Add sriov-network-operator addon helm chart
This chart contains the upstream sriov-network-operator from
k8snetworkplumbingwg together with an iavf driver installer.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic925c66f8e2b28b7604240c3ed35b1a56883b60b
Diffstat (limited to 'kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml')
| -rw-r--r-- | kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..1a37667e --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: [namespaces, serviceaccounts] + verbs: ["*"] +- apiGroups: ["k8s.cni.cncf.io"] + resources: ["network-attachment-definitions"] + verbs: ["*"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: [clusterroles, clusterrolebindings] + verbs: ["*"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["*"] +- apiGroups: ["sriovnetwork.openshift.io"] + resources: ["*"] + verbs: ["*"] +- apiGroups: ["machineconfiguration.openshift.io"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] |