+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ricaux-system-tiller
+rules:
+ - apiGroups: [""]
+ resources: ["deployments"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles", "clusterrolebindings"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "watch", "get"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongconsumers"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongcredentials"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongingresses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["configuration.konghq.com"]
+ resources: ["kongplugins"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["extensions"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses/status"]
+ verbs: ["update"]
+ - apiGroups: ["networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "create", "delete", "watch"]
+ - apiGroups: ["danm.k8s.io"]
+ resources: ["clusternetworks"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "create", "delete"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ricaux-system-tiller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ricaux-system-tiller
+subjects:
+ - kind: ServiceAccount
+ name: tiller
+ namespace: kube-system