apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ack-virtual-node-clusterrole
rules:
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- watch
- patch
- delete
- apiGroups:
- ''
resources:
- pods/status
verbs:
- update
- patch
- apiGroups:
- ''
resources:
- pods/binding
verbs:
- create
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- list
- watch
- create
- delete
- update
- patch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests/approval
- certificatesigningrequests/signerName
- certificatesigningrequests/status
verbs:
- update
- patch
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- vk-webhook
resources:
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- delete
- update
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resourceNames:
- vk-scaler-leader
- vk-store
resources:
- leases
verbs:
- get
- patch
- update
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- eci.alibabacloud.com
resources:
- imagecaches
verbs:
- get
- list
- watch
- apiGroups:
- eci.alibabacloud.com
resources:
- imagecaches/status
verbs:
- update
- apiGroups:
- ''
- discovery.k8s.io
resources:
- endpoints
- endpointslices
- services
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- apps.kruise.io
resources:
- sidecarsets
verbs:
- get
- list
- watch
- apiGroups:
- sidecarset.alibabacloud.com
resources:
- sidecarsetresourcebindings
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- create
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests
verbs:
- get
- list
- watch
- apiGroups:
- apps.kruise.io
resources:
- containerrecreaterequests/status
verbs:
- update
- apiGroups:
- ''
resourceNames:
- default
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- ''
resources:
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- update
- patch
- apiGroups:
- ''
resources:
- nodes/proxy
verbs:
- create
- apiGroups:
- ''
resources:
- nodes/log
- nodes/metrics
- nodes/status
verbs:
- get
- list
- watch
- apiGroups:
- storage.alibabacloud.com
resources:
- containernetworkfilesystems
verbs:
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- podmonitors
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- secrets
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ''
resourceNames:
- eci-profile
resources:
- configmaps
verbs:
- get
- patch
- watch
- update
