blob: 003a5b61aa8d3eada7f3939a9071f1c763f2f177 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "cpu-manager.fullname" . }}-custom-resource-definition-controller
labels:
{{- include "cpu-manager.labels" . | nindent 4 }}
rules:
- apiGroups: ["intel.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions", "customresourcedefinitions.extensions"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "cpu-manager.fullname" . }}-daemonset-controller
labels:
{{- include "cpu-manager.labels" . | nindent 4 }}
rules:
- apiGroups: ["extensions", "apps"]
resources: ["daemonsets", "daemonsets.extensions", "daemonsets.apps"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "cpu-manager.fullname" . }}-version-controller
labels:
{{- include "cpu-manager.labels" . | nindent 4 }}
rules:
- nonResourceURLs: ["*"]
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "cpu-manager.fullname" . }}-webhook-installer
labels:
{{- include "cpu-manager.labels" . | nindent 4 }}
rules:
- apiGroups: ["", "apps", "extensions", "admissionregistration.k8s.io"]
resources: ["secrets", "configmaps", "deployments", "services", "mutatingwebhookconfigurations"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "cpu-manager.fullname" . }}-node-lister
labels:
{{- include "cpu-manager.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["*"]
{{- end }}
|
