apiVersion: v1 kind: ServiceAccount metadata: name: kubeslice-netop namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: vpn-gateway-server namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: vpn-gateway-client namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: slice-router namespace: {{ .Release.Namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: kubeslice-controller-manager namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: kubeslice-leader-election-role namespace: {{ .Release.Namespace }} rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: kubeslice-manager-role rules: - apiGroups: - networking.kubeslice.io resources: - slicenodeaffinities verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - slicenodeaffinities/finalizers verbs: - update - apiGroups: - networking.kubeslice.io resources: - slicenodeaffinities/status verbs: - get - patch - update - apiGroups: - apps resources: - deployments verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - daemonsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps resources: - replicasets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - endpoints verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - pods verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - resourcequotas verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - limitranges verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - batch resources: - jobs verbs: - get - list - watch - create - update - patch - delete - apiGroups: - batch resources: - cronjobs verbs: - get - list - watch - create - update - patch - delete - apiGroups: - networking.kubeslice.io resources: - slicerolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - slicerolebindings/finalizers verbs: - update - apiGroups: - networking.kubeslice.io resources: - slicerolebindings/status verbs: - get - patch - update - apiGroups: - networking.kubeslice.io resources: - slices verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - slices/finalizers verbs: - update - apiGroups: - networking.kubeslice.io resources: - slices/status verbs: - get - patch - update - apiGroups: - networking.kubeslice.io resources: - slicegateways verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - slicegateways/finalizers verbs: - update - apiGroups: - networking.kubeslice.io resources: - slicegateways/status verbs: - get - patch - update - apiGroups: - networking.kubeslice.io resources: - sliceresourcequotas/status verbs: - get - patch - update - apiGroups: - networking.kubeslice.io resources: - serviceexports verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - sliceresourcequotas verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - serviceexports/status verbs: - get - patch - update - apiGroups: - networking.kubeslice.io resources: - serviceimports verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.kubeslice.io resources: - serviceimports/status verbs: - get - patch - update - apiGroups: - networkservicemesh.io resources: - networkservices - networkserviceendpoints verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - nodes verbs: - get - watch - list - apiGroups: - networking.istio.io resources: - gateways verbs: - create - delete - get - list - update - watch - apiGroups: - networking.istio.io resources: - serviceentries verbs: - create - delete - get - list - update - watch - apiGroups: - networking.istio.io resources: - virtualservices verbs: - create - delete - get - list - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - roles verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - namespaces verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - create - delete - get - list - patch - get - list - update - watch - apiGroups: - metrics.k8s.io resources: - pods verbs: - get - list - watch - apiGroups: - "" - extensions - apps - rbac.authorization.k8s.io - coordination.k8s.io - discovery.k8s.io - events.k8s.io - networking.k8s.io - policy - batch - authorization.k8s.io - autoscaling resources: - '*' verbs: - create - delete - get - list - patch - get - list - update - watch - apiGroups: - "" resources: - nodes/proxy verbs: - get - watch - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubeslice-leader-election-rolebinding namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubeslice-leader-election-role subjects: - kind: ServiceAccount name: kubeslice-controller-manager namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-manager-role subjects: - kind: ServiceAccount name: kubeslice-controller-manager namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-proxy-role subjects: - kind: ServiceAccount name: kubeslice-controller-manager namespace: {{ .Release.Namespace }}