apiVersion: v1
kind: ServiceAccount
metadata:
  name: dnsmasq-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dnsmasq-controller-leader-election
rules:
- resources:
  - configmaps
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- resources:
  - configmaps/status
  apiGroups:
  - ""
  verbs:
  - get
  - update
  - patch
- resources:
  - events
  apiGroups:
  - ""
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dnsmasq-controller
rules:
- resources:
  - dhcphosts
  apiGroups:
  - dnsmasq.kvaps.cf
  verbs:
  - get
  - list
  - watch
- resources:
  - dhcpoptions
  apiGroups:
  - dnsmasq.kvaps.cf
  verbs:
  - get
  - list
  - watch
- resources:
  - dnshosts
  apiGroups:
  - dnsmasq.kvaps.cf
  verbs:
  - get
  - list
  - watch
- resources:
  - dnsmasqoptions
  apiGroups:
  - dnsmasq.kvaps.cf
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dnsmasq-controller-leader-election
roleRef:
  name: dnsmasq-controller-leader-election
  kind: Role
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: dnsmasq-controller
  namespace: default
  kind: ServiceAccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dnsmasq-controller
roleRef:
  name: dnsmasq-controller
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: dnsmasq-controller
  namespace: default
  kind: ServiceAccount