diff options
Diffstat (limited to 'deploy/operator_roles.yaml')
-rw-r--r-- | deploy/operator_roles.yaml | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/deploy/operator_roles.yaml b/deploy/operator_roles.yaml new file mode 100644 index 0000000..2bd49ac --- /dev/null +++ b/deploy/operator_roles.yaml @@ -0,0 +1,75 @@ + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: k8s-nfn-sa + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: k8s-nfn-cr +rules: +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - nfn-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - k8s.plugin.opnfv.org + resources: + - '*' + - providernetworks + verbs: + - '*' + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: k8s-nfn-crb +subjects: +- kind: Group + name: system:serviceaccounts + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: k8s-nfn-cr + apiGroup: rbac.authorization.k8s.io + |