1apiVersion: rbac.authorization.k8s.io/v1
2kind: ClusterRole
3metadata:
4 name: edge-agent
5rules:
6- resources:
7 - configmaps
8 apiGroups:
9 - ""
10 resourceNames:
11 - edge-info
12 verbs:
13 - get
14- resources: ["kustomizations"]
15 apiGroups: ["kustomize.toolkit.fluxcd.io"]
16 verbs:
17 - get
18 - patch
19- resources: ["helmreleases"]
20 apiGroups: ["helm.toolkit.fluxcd.io"]
21 verbs:
22 - get
23 - patch
24- resources: ["virtualmachines/stop", "virtualmachines/start", "virtualmachines/restart"]
25 apiGroups: ["subresources.kubevirt.io"]
26 verbs:
27 - patch
28 - update
29- resources: ["virtualmachineinstancemigrations"]
30 apiGroups: ["kubevirt.io"]
31 verbs:
32 - create
33---
34apiVersion: rbac.authorization.k8s.io/v1
35kind: ClusterRoleBinding
36metadata:
37 name: edge-agent
38roleRef:
39 name: edge-agent
40 kind: ClusterRole
41 apiGroup: rbac.authorization.k8s.io
42subjects:
43- name: edge-agent
44 namespace: edge-agent
45 kind: ServiceAccount
View as plain text