1---
2kind: ClusterRole
3apiVersion: rbac.authorization.k8s.io/v1
4metadata:
5 name: descheduler-cluster-role
6rules:
7- apiGroups: ["events.k8s.io"]
8 resources: ["events"]
9 verbs: ["create", "update"]
10- apiGroups: [""]
11 resources: ["nodes"]
12 verbs: ["get", "watch", "list"]
13- apiGroups: [""]
14 resources: ["namespaces"]
15 verbs: ["get", "watch", "list"]
16- apiGroups: [""]
17 resources: ["pods"]
18 verbs: ["get", "watch", "list", "delete"]
19- apiGroups: [""]
20 resources: ["pods/eviction"]
21 verbs: ["create"]
22- apiGroups: ["scheduling.k8s.io"]
23 resources: ["priorityclasses"]
24 verbs: ["get", "watch", "list"]
25- apiGroups: ["coordination.k8s.io"]
26 resources: ["leases"]
27 verbs: ["create"]
28- apiGroups: ["coordination.k8s.io"]
29 resources: ["leases"]
30 resourceNames: ["descheduler"]
31 verbs: ["get", "patch", "delete"]
32---
33apiVersion: v1
34kind: ServiceAccount
35metadata:
36 name: descheduler-sa
37 namespace: kube-system
38---
39apiVersion: rbac.authorization.k8s.io/v1
40kind: ClusterRoleBinding
41metadata:
42 name: descheduler-cluster-role-binding
43roleRef:
44 apiGroup: rbac.authorization.k8s.io
45 kind: ClusterRole
46 name: descheduler-cluster-role
47subjects:
48 - name: descheduler-sa
49 kind: ServiceAccount
50 namespace: kube-system
View as plain text