config/rbac/role.yaml (101 lines of code) (raw):
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: controller-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- get
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- crd.k8s.amazonaws.com
resources:
- eniconfigs
verbs:
- get
- list
- watch
- apiGroups:
- vpcresources.k8s.aws
resources:
- cninodes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- vpcresources.k8s.aws
resources:
- securitygrouppolicies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: controller-role
namespace: kube-system
rules:
- apiGroups:
- apps
resourceNames:
- vpc-resource-controller
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- amazon-vpc-cni
resources:
- configmaps
verbs:
- get
- list
- watch