config/rbac/role.yaml (105 lines of code) (raw):
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.kubernetes-fleet.io
- fleet.azure.com
resources:
- internalmemberclusters
verbs:
- get
- list
- watch
- apiGroups:
- cluster.kubernetes-fleet.io
- fleet.azure.com
resources:
- internalmemberclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.fleet.azure.com
resources:
- endpointsliceexports
- endpointsliceimports
- internalserviceexports
- internalserviceimports
- multiclusterservices
- serviceexports
- serviceimports
- trafficmanagerbackends
- trafficmanagerprofiles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.fleet.azure.com
resources:
- internalserviceexports/finalizers
- serviceexports/finalizers
verbs:
- update
- apiGroups:
- networking.fleet.azure.com
resources:
- internalserviceexports/status
- multiclusterservices/status
- serviceexports/status
- serviceimports/status
- trafficmanagerbackends/status
- trafficmanagerprofiles/status
verbs:
- get
- patch
- update
- apiGroups:
- networking.fleet.azure.com
resources:
- multiclusterservices/finalizers
- serviceimports/finalizers
- trafficmanagerbackends/finalizers
- trafficmanagerprofiles/finalizers
verbs:
- get
- update