--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: controller-k8s rules: - apiGroups: - "" resources: - namespaces - pods - services verbs: - get - list - watch - apiGroups: - networking.k8s.aws resources: - policyendpoints verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.k8s.aws resources: - policyendpoints/finalizers verbs: - update - apiGroups: - networking.k8s.aws resources: - policyendpoints/status verbs: - get - patch - update - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - get - list - patch - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: controller-k8s namespace: system rules: - apiGroups: - "" resourceNames: - amazon-vpc-cni resources: - configmaps verbs: - get - list - watch