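---
# ClusterRole bound to the kube-system/aws-node service account by the
# ClusterRoleBinding in this file.
# Kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1.
#
# Quoted values use straight ASCII quotes. Typographic quotes are not YAML
# quote characters, so a curly-quoted "*" or "" would be read as a literal
# string including the quote marks and would not match the wildcard or the
# core API group.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: aws-node
rules:
  # NOTE(review): this grants every verb on every resource in the
  # crd.k8s.amazonaws.com group, cluster-wide. The only resource this file
  # defines in that group is eniconfigs. If the workload only reads them,
  # narrow this to resources: [eniconfigs] with get/list/watch. Confirm
  # against the agent's actual API calls before tightening.
  - apiGroups:
      - crd.k8s.amazonaws.com
    resources:
      - "*"
      # Already covered by "*" above. namespaces is a core-group resource and
      # is granted by the next rule, not by this one.
      - namespaces
    verbs:
      - "*"
  # Core API group (""): read-only access to pods, nodes and namespaces
  # across the whole cluster.
  - apiGroups: [""]
    resources:
      - pods
      - nodes
      - namespaces
    verbs: ["list", "watch", "get"]
  # NOTE(review): DaemonSets are served from the apps group on current
  # clusters (extensions/v1beta1 DaemonSet was removed in Kubernetes 1.16),
  # so this rule may grant nothing there. Verify which group the agent queries.
  - apiGroups: ["extensions"]
    resources:
      - daemonsets
    verbs: ["list", "watch"]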
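---
# Service account aws-node in kube-system. It is the subject of the
# ClusterRoleBinding in this file, so any pod running under it receives the
# aws-node ClusterRole's permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aws-node
  namespace: kube-system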
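---
# Binds the aws-node ClusterRole to the kube-system/aws-node service account.
# Because this is a ClusterRoleBinding (not a namespaced RoleBinding), the
# role's rules apply in every namespace.
# Kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: aws-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: aws-node
subjects:
  # Single subject: keep this list minimal, since every entry inherits the
  # wildcard grant on crd.k8s.amazonaws.com.
  - kind: ServiceAccount
    name: aws-node
    namespace: kube-system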
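---
# Registers the cluster-scoped ENIConfig custom resource
# (eniconfigs.crd.k8s.amazonaws.com, version v1alpha1).
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# Newer clusters need apiextensions.k8s.io/v1, which requires a structural
# schema per version. No validation schema is declared here, so the API
# server does not check the shape of ENIConfig objects.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: eniconfigs.crd.k8s.amazonaws.com
spec:
  scope: Cluster
  group: crd.k8s.amazonaws.com
  versions:
    - name: v1alpha1
      served: true
      storage: true
  names:
    plural: eniconfigs
    singular: eniconfig
    kind: ENIConfig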