{{- if and .Values.master.enable .Values.master.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "node-feature-discovery.fullname" . }} labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - nodes - nodes/status verbs: - get - patch - update - list - apiGroups: - nfd.k8s-sigs.io resources: - nodefeatures - nodefeaturerules verbs: - get - list - watch - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - apiGroups: - coordination.k8s.io resources: - leases resourceNames: - "nfd-master.nfd.kubernetes.io" verbs: - get - update {{- end }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "node-feature-discovery.fullname" . }}-topology-updater labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - nodes verbs: - get - list - apiGroups: - "" resources: - nodes/proxy verbs: - get - apiGroups: - "" resources: - pods verbs: - get - apiGroups: - topology.node.k8s.io resources: - noderesourcetopologies verbs: - create - get - update {{- end }} {{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "node-feature-discovery.fullname" . }}-gc labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - apiGroups: - "" resources: - nodes verbs: - list - watch - apiGroups: - "" resources: - nodes/proxy verbs: - get - apiGroups: - topology.node.k8s.io resources: - noderesourcetopologies verbs: - delete - list - apiGroups: - nfd.k8s-sigs.io resources: - nodefeatures verbs: - delete - list {{- end }}