1apiVersion: rbac.authorization.k8s.io/v1
2kind: ClusterRole
3metadata:
4 labels:
5 addonmanager.kubernetes.io/mode: Reconcile
6 name: system:cloud-controller-manager
7rules:
8- apiGroups:
9 - ""
10 - events.k8s.io
11 resources:
12 - events
13 verbs:
14 - create
15 - patch
16 - update
17- apiGroups:
18 - coordination.k8s.io
19 resources:
20 - leases
21 verbs:
22 - create
23- apiGroups:
24 - coordination.k8s.io
25 resourceNames:
26 - cloud-controller-manager
27 resources:
28 - leases
29 verbs:
30 - get
31 - update
32- apiGroups:
33 - ""
34 resources:
35 - endpoints
36 - serviceaccounts
37 verbs:
38 - create
39 - get
40 - update
41- apiGroups:
42 - ""
43 resources:
44 - nodes
45 verbs:
46 - get
47 - update
48 - patch
49- apiGroups:
50 - ""
51 resources:
52 - namespaces
53 verbs:
54 - get
55- apiGroups:
56 - ""
57 resources:
58 - nodes/status
59 verbs:
60 - patch
61 - update
62- apiGroups:
63 - ""
64 resources:
65 - secrets
66 verbs:
67 - create
68 - delete
69 - get
70 - update
71- apiGroups:
72 - "authentication.k8s.io"
73 resources:
74 - tokenreviews
75 verbs:
76 - create
77- apiGroups:
78 - "*"
79 resources:
80 - "*"
81 verbs:
82 - list
83 - watch
84- apiGroups:
85 - ""
86 resources:
87 - serviceaccounts/token
88 verbs:
89 - create
90- apiGroups:
91 - authentication.k8s.io
92 resources:
93 - subjectaccessreviews
94 verbs:
95 - create
96- apiGroups:
97 - authorization.k8s.io
98 resources:
99 - subjectaccessreviews
100 verbs:
101 - create
102- apiGroups:
103 - authorization.k8s.io
104 resources:
105 - subjectaccessreviews
106 verbs:
107 - create
108- apiGroups:
109 - ""
110 resources:
111 - namespaces
112 - configmaps
113 verbs:
114 - get
115---
116apiVersion: rbac.authorization.k8s.io/v1
117kind: Role
118metadata:
119 labels:
120 addonmanager.kubernetes.io/mode: Reconcile
121 name: system:cloud-controller-manager
122 namespace: kube-system
123rules:
124- apiGroups:
125 - ""
126 resources:
127 - configmaps
128 verbs:
129 - watch
130- apiGroups:
131 - ""
132 resources:
133 - configmaps
134 resourceNames:
135 - cloud-controller-manager
136 verbs:
137 - get
138 - update
139---
140apiVersion: rbac.authorization.k8s.io/v1
141kind: Role
142metadata:
143 labels:
144 addonmanager.kubernetes.io/mode: Reconcile
145 name: system::leader-locking-cloud-controller-manager
146 namespace: kube-system
147rules:
148- apiGroups:
149 - ""
150 resources:
151 - configmaps
152 verbs:
153 - watch
154- apiGroups:
155 - ""
156 resources:
157 - configmaps
158 resourceNames:
159 - cloud-controller-manager
160 verbs:
161 - get
162 - update
163---
164apiVersion: rbac.authorization.k8s.io/v1
165kind: ClusterRole
166metadata:
167 labels:
168 addonmanager.kubernetes.io/mode: Reconcile
169 name: system:controller:cloud-node-controller
170rules:
171- apiGroups:
172 - ""
173 resources:
174 - events
175 verbs:
176 - create
177 - patch
178 - update
179- apiGroups:
180 - ""
181 resources:
182 - nodes
183 verbs:
184 - get
185 - list
186 - update
187 - delete
188 - patch
189- apiGroups:
190 - ""
191 resources:
192 - nodes/status
193 verbs:
194 - get
195 - list
196 - update
197 - delete
198 - patch
199
200- apiGroups:
201 - ""
202 resources:
203 - pods
204 verbs:
205 - list
206 - delete
207- apiGroups:
208 - ""
209 resources:
210 - pods/status
211 verbs:
212 - list
213 - delete
View as plain text