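---
# ------------------------------------------------------------------------------
# Service Account
# ------------------------------------------------------------------------------
# Identity the collector-manager runs as. Every permission granted in this file
# is attached to this account through the ClusterRoleBinding and RoleBinding
# that name it as their subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager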
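---
# ------------------------------------------------------------------------------
# Cluster Role
# ------------------------------------------------------------------------------
# Cluster-wide access for the collector. Every rule below uses only the
# get/list/watch verbs, and `secrets` does not appear in any rule.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ----------------------------------------------------------------------------
  # (Read Only)
  # Required for functional operation of KSPM
  # ----------------------------------------------------------------------------
  # Workload controllers.
  - verbs:
      - list
    apiGroups:
      - apps
    resources:
      - deployments
      - replicasets
      - statefulsets
      - daemonsets
  # Service accounts ('' is the core API group).
  - verbs:
      - get
      - list
    apiGroups:
      - ''
    resources:
      - serviceaccounts
  # Core configuration and inventory objects.
  # NOTE(review): a list response returns full object contents, so anything
  # sensitive kept in ConfigMaps is readable by this account in every
  # namespace. Keep credentials in Secrets, which this role cannot read.
  - verbs:
      - list
    apiGroups:
      - ''
    resources:
      - services
      - configmaps
      - resourcequotas
      - limitranges
      - replicationcontrollers
      - nodes
  # Batch workloads.
  - verbs:
      - list
    apiGroups:
      - batch
    resources:
      - cronjobs
      - jobs
  # RBAC objects, read for assessment; no write or bind verbs are granted.
  - verbs:
      - list
    apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
      - clusterroles
      - clusterrolebindings
  # Network exposure and segmentation objects.
  - verbs:
      - list
    apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
      - ingresses
  # Pods. `get` is already part of this rule, so no separate get-only rule
  # for pods is needed.
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - ''
    resources:
      - pods
  # (Additional rule changes may apply when fetching other Kubernetes resources.)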
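---
# ------------------------------------------------------------------------------
# Cluster Role Binding
# ------------------------------------------------------------------------------
# Grants the plerion-collector-manager ClusterRole to exactly one subject: the
# plerion-collector-manager ServiceAccount in plerion-system. Because this is a
# ClusterRoleBinding, the role's rules apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: plerion-collector-manager
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: plerion-collector-manager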
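---
# ------------------------------------------------------------------------------
# Role
# ------------------------------------------------------------------------------
# Namespaced role: the only write verbs in this file live here, and they are
# confined to the plerion-system namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
rules:
  # ------------------------------------------------------------------------------------
  # (Optional)
  # Required for operation of collector-manager, like leader election, maintaining labels
  # ------------------------------------------------------------------------------------
  # Leases, presumably the leader-election lock mentioned above.
  # NOTE(review): get/update could be narrowed with `resourceNames` to the
  # collector's own lease once its name is confirmed (not shown in this file);
  # `create` cannot be restricted by resourceNames.
  - verbs:
      - get
      - create
      - update
    apiGroups:
      - coordination.k8s.io
    resources:
      - leases
  # Event creation only; existing events cannot be read or modified.
  - verbs:
      - create
    apiGroups:
      - ''
    resources:
      - events
  # Pod updates, presumably for the label maintenance mentioned above.
  # NOTE(review): this applies to every pod in plerion-system, and RBAC cannot
  # limit which fields an update touches (mutable pod fields include the
  # container image). Keep unrelated workloads out of this namespace, and drop
  # this rule if label maintenance is not needed.
  - verbs:
      - update
    apiGroups:
      - ''
    resources:
      - pods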
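---
# ------------------------------------------------------------------------------
# Role Binding
# ------------------------------------------------------------------------------
# Grants the namespaced plerion-collector-manager Role to the
# plerion-collector-manager ServiceAccount. Both the binding and its subject
# are in plerion-system, so the role's write verbs apply only there.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: plerion-collector-manager
  namespace: plerion-system
  labels:
    app.kubernetes.io/instance: plerion-collector-manager
    app.kubernetes.io/name: collector-manager
subjects:
  - kind: ServiceAccount
    name: plerion-collector-manager
    namespace: plerion-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: plerion-collector-manager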