apiVersion: v1 kind: ServiceAccount metadata: name: dynk8s-provisioner namespace: dynk8s labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/component: http-api app.kubernetes.io/part-of: dynk8s-provisioner automountServiceAccountToken: true --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: dynk8s-provisioner namespace: dynk8s labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/component: http-api app.kubernetes.io/part-of: dynk8s-provisioner rules: - apiGroups: - '' resources: - secrets verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: dynk8s-provisioner namespace: kube-system labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/component: http-api app.kubernetes.io/part-of: dynk8s-provisioner rules: - apiGroups: - '' resources: - secrets verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: dynk8s-provisioner namespace: kube-public labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/component: http-api app.kubernetes.io/part-of: dynk8s-provisioner rules: - apiGroups: - '' resources: - configmaps resourceNames: - cluster-info verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dynk8s-provisioner labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/component: http-api app.kubernetes.io/part-of: dynk8s-provisioner rules: - apiGroups: - '' resources: - nodes verbs: - list - get - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: dynk8s-provisioner namespace: dynk8s labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/part-of: dynk8s-provisioner roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: dynk8s-provisioner subjects: - kind: ServiceAccount name: dynk8s-provisioner --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: dynk8s-provisioner namespace: kube-system labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/part-of: dynk8s-provisioner roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: dynk8s-provisioner subjects: - kind: ServiceAccount name: dynk8s-provisioner namespace: dynk8s --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: dynk8s-provisioner namespace: kube-public labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/part-of: dynk8s-provisioner roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: dynk8s-provisioner subjects: - kind: ServiceAccount name: dynk8s-provisioner namespace: dynk8s --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dynk8s-provisioner labels: app.kubernetes.io/name: dynk8s-provisioner app.kubernetes.io/instance: dynk8s-provisioner app.kubernetes.io/part-of: dynk8s-provisioner roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: dynk8s-provisioner subjects: - kind: ServiceAccount name: dynk8s-provisioner namespace: dynk8s