From 61fda160a7ba656f73a0a89cca4d3f5fd8e575d4 Mon Sep 17 00:00:00 2001 From: Todd Malsbary Date: Fri, 12 Mar 2021 13:48:25 -0800 Subject: Add sriov-network-operator addon helm chart This chart contains the upstream sriov-network-operator from k8snetworkplumbingwg together with an iavf driver installer. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary Change-Id: Ic925c66f8e2b28b7604240c3ed35b1a56883b60b --- .../templates/clusterrole.yaml | 54 ++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml (limited to 'kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml') diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..1a37667e --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: [namespaces, serviceaccounts] + verbs: ["*"] +- apiGroups: ["k8s.cni.cncf.io"] + resources: ["network-attachment-definitions"] + verbs: ["*"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: [clusterroles, clusterrolebindings] + verbs: ["*"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["*"] +- apiGroups: ["sriovnetwork.openshift.io"] + resources: ["*"] + verbs: ["*"] +- apiGroups: ["machineconfiguration.openshift.io"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] -- cgit 1.2.3-korg