+
+
+echo Add cluster roles
+ cat >ricaux-role.yaml <<EOF
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ricaux-system-default
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list"]
+ - apiGroups: ["batch"]
+ resources: ["jobs/status"]
+ verbs: ["get"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ricaux-system-default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ricaux-system-default
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: ${AUXNAMESPACE:-ricaux}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: onap-system-default
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["list"]
+ - apiGroups: ["apps"]
+ resources: ["replicasets/status"]
+ verbs: ["get"]
+ - apiGroups: ["batch"]
+ resources: ["jobs/status"]
+ verbs: ["get"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "statefulsets"]
+ verbs: ["get"]
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: onap-system-default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: onap-system-default
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: onap
+EOF
+kubectl apply -f ricaux-role.yaml
+rm ricaux-role.yaml
+