apiVersion: v1 kind: ServiceAccount metadata: name: topo-aware-scheduler namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: noderesourcetoplogy-handler rules: - apiGroups: ["topology.node.k8s.io"] resources: ["noderesourcetopologies"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "patch"] - apiGroups: [""] resources: ["pods"] verbs: ["get","list","watch","update"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["*"] verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: topo-aware-scheduler-as-kube-scheduler subjects: - kind: ServiceAccount name: topo-aware-scheduler namespace: kube-system roleRef: kind: ClusterRole name: noderesourcetoplogy-handler apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: my-scheduler-as-volume-scheduler subjects: - kind: ServiceAccount name: my-scheduler namespace: kube-system roleRef: kind: ClusterRole name: system:volume-scheduler apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: topo-aware-scheduler-as-kube-scheduler namespace: kube-system subjects: - kind: ServiceAccount name: topo-aware-scheduler namespace: kube-system roleRef: kind: Role name: extension-apiserver-authentication-reader apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: noderesourcetoplogy namespace: kube-system subjects: - kind: User name: system:kube-scheduler namespace: kube-system apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: noderesourcetoplogy-handler apiGroup: rbac.authorization.k8s.io