apiVersion: v1 kind: ServiceAccount metadata: name: wireguardctl namespace: vpn --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: wireguardctl-rb roleRef: name: wireguardctl kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: wireguardctl namespace: vpn kind: ServiceAccount --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: wireguardctl labels: platform.edge.ncr.com/component: 'wireguardctl' rules: - resources: - secrets apiGroups: - "" verbs: - get - list - watch - patch - update - create - delete - resources: - configmaps apiGroups: - "" verbs: - get - list - watch - resources: - deployments apiGroups: - apps verbs: - get - list - watch - patch - update - create - resources: - pods apiGroups: - "" verbs: - get - list - watch - delete - resources: - pods/exec apiGroups: - "" verbs: - create - resources: - clusters apiGroups: - edge.ncr.com verbs: - get - list - watch - resources: - clusters/status apiGroups: - edge.ncr.com verbs: - get - list - watch - resources: - customresourcedefinitions apiGroups: - apiextensions.k8s.io verbs: - get - list - watch - resources: - vpnconfigs apiGroups: - remoteaccess.edge.ncr.com verbs: - get - list - watch - patch - update - resources: - vpnconfigs/status apiGroups: - remoteaccess.edge.ncr.com verbs: - get - list - watch - patch - update - resources: - syncedobjects apiGroups: - edge.ncr.com verbs: - get - list - watch - create - update - patch - delete - resources: - services apiGroups: - "" verbs: - get - list - watch - resources: - hosts apiGroups: - getambassador.io verbs: - get - list - watch - resources: - mappings apiGroups: - getambassador.io verbs: - get - list - watch - create - update - patch - delete - resources: - iampolicymembers apiGroups: - iam.cnrm.cloud.google.com verbs: - create - delete - get - list - patch - update - watch - resources: - iampolicymembers/status apiGroups: - iam.cnrm.cloud.google.com verbs: - get - watch