1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107 | # Calico Version v3.14.1
# https://docs.projectcalico.org/releases#v3.14.1
# This manifest includes the following component versions:
# calico/ctl:v3.14.1
apiVersion: v1
kind: ServiceAccount
metadata:
name: calicoctl
namespace: kube-system
---
apiVersion: v1
kind: Pod
metadata:
name: calicoctl
namespace: kube-system
spec:
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
serviceAccountName: calicoctl
containers:
- name: calicoctl
image: calico/ctl:v3.13.1
command: ["/bin/sh", "-c", "while true; do sleep 3600; done"]
env:
- name: DATASTORE_TYPE
value: kubernetes
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: calicoctl
rules:
- apiGroups: [""]
resources:
- namespaces
- nodes
verbs:
- get
- list
- update
- apiGroups: [""]
resources:
- nodes/status
verbs:
- update
- apiGroups: [""]
resources:
- pods
- serviceaccounts
verbs:
- get
- list
- apiGroups: [""]
resources:
- pods/status
verbs:
- update
- apiGroups: ["crd.projectcalico.org"]
resources:
- bgppeers
- bgpconfigurations
- clusterinformations
- felixconfigurations
- globalnetworkpolicies
- globalnetworksets
- ippools
- kubecontrollersconfigurations
- networkpolicies
- networksets
- hostendpoints
- ipamblocks
- blockaffinities
- ipamhandles
- ipamconfigs
verbs:
- create
- get
- list
- update
- delete
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: calicoctl
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calicoctl
subjects:
- kind: ServiceAccount
name: calicoctl
namespace: kube-system
|