apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fleet-controller rules: - apiGroups: - gitjob.cattle.io resources: - '*' verbs: - '*' - apiGroups: - fleet.cattle.io resources: - '*' verbs: - '*' - apiGroups: - "" resources: - namespaces - serviceaccounts verbs: - '*' - apiGroups: - "" resources: - secrets - configmaps verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles - clusterrolebindings - roles - rolebindings verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: fleet-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: fleet-controller subjects: - kind: ServiceAccount name: fleet-controller namespace: {{.Release.Namespace}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: fleet-controller rules: - apiGroups: - "" resources: - configmaps verbs: - '*' - apiGroups: - coordination.k8s.io resources: - leases verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: fleet-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: fleet-controller subjects: - kind: ServiceAccount name: fleet-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: fleet-controller-bootstrap rules: - apiGroups: - '*' resources: - '*' verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: fleet-controller-bootstrap roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: fleet-controller-bootstrap subjects: - kind: ServiceAccount name: fleet-controller-bootstrap namespace: {{.Release.Namespace}}