cluster/addons/cloud-controller-manager/cloud-node-controller-role.yaml - third_party/kubernetes - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
   name: system:cloud-controller-manager
 rules:
 - apiGroups:
   - ""
   - events.k8s.io
   resources:
   - events
   verbs:
   - create
   - patch
   - update
 - apiGroups:
   - coordination.k8s.io
   resources:
   - leases
   verbs:
   - create
 - apiGroups:
   - coordination.k8s.io
   resourceNames:
   - cloud-controller-manager
   resources:
   - leases
   verbs:
   - get
   - update
 - apiGroups:
   - ""
   resources:
   - endpoints
   - serviceaccounts
   verbs:
   - create
   - get
   - update
 - apiGroups:
   - ""
   resources:
   - nodes
   verbs:
   - get
   - update
   - patch
 - apiGroups:
   - ""
   resources:
   - namespaces
   verbs:
   - get
 - apiGroups:
   - ""
   resources:
   - nodes/status
   verbs:
   - patch
   - update
 - apiGroups:
   - ""
   resources:
   - secrets
   verbs:
   - create
   - delete
   - get
   - update
 - apiGroups:
   - "authentication.k8s.io"
   resources:
   - tokenreviews
   verbs:
   - create
 - apiGroups:
   - "*"
   resources:
   - "*"
   verbs:
   - list
   - watch
 - apiGroups:
   - ""
   resources:
   - serviceaccounts/token
   verbs:
   - create
 - apiGroups:
   - authentication.k8s.io
   resources:
   - subjectaccessreviews
   verbs:
   - create
 - apiGroups:
   - authorization.k8s.io
   resources:
   - subjectaccessreviews
   verbs:
   - create
 - apiGroups:
   - authorization.k8s.io
   resources:
   - subjectaccessreviews
   verbs:
   - create
 - apiGroups:
   - ""
   resources:
   - namespaces
   - configmaps
   verbs:
   - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
   name: system:cloud-controller-manager
   namespace: kube-system
 rules:
 - apiGroups:
   - ""
   resources:
   - configmaps
   verbs:
   - watch
 - apiGroups:
   - ""
   resources:
   - configmaps
   resourceNames:
   - cloud-controller-manager
   verbs:
   - get
   - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
   name: system::leader-locking-cloud-controller-manager
   namespace: kube-system
 rules:
 - apiGroups:
   - ""
   resources:
   - configmaps
   verbs:
   - watch
 - apiGroups:
   - ""
   resources:
   - configmaps
   resourceNames:
   - cloud-controller-manager
   verbs:
   - get
   - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
   name: system:controller:cloud-node-controller
 rules:
 - apiGroups:
   - ""
   resources:
   - events
   verbs:
   - create
   - patch
   - update
 - apiGroups:
   - ""
   resources:
   - nodes
   verbs:
   - get
   - list
   - update
   - delete
   - patch
 - apiGroups:
   - ""
   resources:
   - nodes/status
   verbs:
   - get
   - list
   - update
   - delete
   - patch

 - apiGroups:
   - ""
   resources:
   - pods
   verbs:
   - list
   - delete
 - apiGroups:
   - ""
   resources:
   - pods/status
   verbs:
   - list
   - delete
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	name: system:cloud-controller-manager
	rules:
	- apiGroups:
	- ""
	- events.k8s.io
	resources:
	- events
	verbs:
	- create
	- patch
	- update
	- apiGroups:
	- coordination.k8s.io
	resources:
	- leases
	verbs:
	- create
	- apiGroups:
	- coordination.k8s.io
	resourceNames:
	- cloud-controller-manager
	resources:
	- leases
	verbs:
	- get
	- update
	- apiGroups:
	- ""
	resources:
	- endpoints
	- serviceaccounts
	verbs:
	- create
	- get
	- update
	- apiGroups:
	- ""
	resources:
	- nodes
	verbs:
	- get
	- update
	- patch
	- apiGroups:
	- ""
	resources:
	- namespaces
	verbs:
	- get
	- apiGroups:
	- ""
	resources:
	- nodes/status
	verbs:
	- patch
	- update
	- apiGroups:
	- ""
	resources:
	- secrets
	verbs:
	- create
	- delete
	- get
	- update
	- apiGroups:
	- "authentication.k8s.io"
	resources:
	- tokenreviews
	verbs:
	- create
	- apiGroups:
	- "*"
	resources:
	- "*"
	verbs:
	- list
	- watch
	- apiGroups:
	- ""
	resources:
	- serviceaccounts/token
	verbs:
	- create
	- apiGroups:
	- authentication.k8s.io
	resources:
	- subjectaccessreviews
	verbs:
	- create
	- apiGroups:
	- authorization.k8s.io
	resources:
	- subjectaccessreviews
	verbs:
	- create
	- apiGroups:
	- authorization.k8s.io
	resources:
	- subjectaccessreviews
	verbs:
	- create
	- apiGroups:
	- ""
	resources:
	- namespaces
	- configmaps
	verbs:
	- get
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	name: system:cloud-controller-manager
	namespace: kube-system
	rules:
	- apiGroups:
	- ""
	resources:
	- configmaps
	verbs:
	- watch
	- apiGroups:
	- ""
	resources:
	- configmaps
	resourceNames:
	- cloud-controller-manager
	verbs:
	- get
	- update
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: Role
	metadata:
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	name: system::leader-locking-cloud-controller-manager
	namespace: kube-system
	rules:
	- apiGroups:
	- ""
	resources:
	- configmaps
	verbs:
	- watch
	- apiGroups:
	- ""
	resources:
	- configmaps
	resourceNames:
	- cloud-controller-manager
	verbs:
	- get
	- update
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	name: system:controller:cloud-node-controller
	rules:
	- apiGroups:
	- ""
	resources:
	- events
	verbs:
	- create
	- patch
	- update
	- apiGroups:
	- ""
	resources:
	- nodes
	verbs:
	- get
	- list
	- update
	- delete
	- patch
	- apiGroups:
	- ""
	resources:
	- nodes/status
	verbs:
	- get
	- list
	- update
	- delete
	- patch

	- apiGroups:
	- ""
	resources:
	- pods
	verbs:
	- list
	- delete
	- apiGroups:
	- ""
	resources:
	- pods/status
	verbs:
	- list
	- delete