commit fc98603516a3dff4e1e347f8550f9e979b35ca9c
author Victor Ryzhenkin <vryzhenkin@mirantis.com> Thu Jul 19 19:41:58 2018 +0400
committer Victor Ryzhenkin <vryzhenkin@mirantis.com> Thu Jul 19 19:41:58 2018 +0400
tree 391ec8db19cf41b51d7aa2c6346e9a1523c2b440
parent 07f207d16463e25fcbf0975384c77831b6fcd2ed

Add RBAC role and rolebinding for cni-genie

Change-Id: I5b89e3d892c157621a4a0db766ddb7f75d8719be
Related-PROD: PROD-21554

metadata/service/control/roles/genie-pod-patch.yml

diff --git a/metadata/service/control/roles/genie-pod-patch.yml b/metadata/service/control/roles/genie-pod-patch.yml
new file mode 100644
index 0000000..d3f2da3
--- /dev/null
+++ b/metadata/service/control/roles/genie-pod-patch.yml
@@ -0,0 +1,19 @@
+parameters:
+  kubernetes:
+    control:
+      role:
+        patch:
+          enabled: true
+          kind: ClusterRole
+          rules:
+            - apiGroups:
+                - ""
+              resources:
+                - "pods"
+              verbs:
+                - "patch"
+          binding:
+            genie-pod-patch:
+              subject:
+                system:nodes:
+                  kind: Group