
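#
# A KubeVirt PSP for CaaSP-based Kubernetes clusters that makes use of the
# CaaSP privileged PSP.
#
# After the KubeVirt operator has successfully deployed the KubeVirt service,
# this PSP can be deployed to the cluster, giving virt-operator and
# virt-handler access to cluster operations necessary for virtual machine
# management.
#
# Note: this file does not define a PodSecurityPolicy of its own. It only
# grants `use` of the existing suse.caasp.psp.privileged policy, and the
# bindings below name the kubevirt-controller and kubevirt-handler service
# accounts in the kubevirt namespace. PodSecurityPolicy was removed in
# Kubernetes 1.25, so the manifest is only meaningful on clusters that still
# serve that API.
#
# kubectl apply -f /usr/share/kube-virt/manifests/release/kubevirt-psp-caasp.yaml
#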
# ClusterRole that allows its holders to `use` one named PodSecurityPolicy,
# suse.caasp.psp.privileged. It grants nothing by itself; the bindings that
# reference it decide which subjects get the policy and in which namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubevirt-controller-caasp
rules:
- apiGroups: [policy]
  resources: [podsecuritypolicies]
  # resourceNames limits the grant to this single policy rather than every
  # PodSecurityPolicy in the cluster.
  resourceNames: [suse.caasp.psp.privileged]
  verbs: [use]
---
# ClusterRole for the handler side: same single permission as the controller
# role, `use` on the PodSecurityPolicy suse.caasp.psp.privileged.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubevirt-handler-caasp
rules:
- apiGroups: [policy]
  resources: [podsecuritypolicies]
  # resourceNames limits the grant to this single policy rather than every
  # PodSecurityPolicy in the cluster.
  resourceNames: [suse.caasp.psp.privileged]
  verbs: [use]
---
# Binds the kubevirt-controller service account (namespace kubevirt) to the
# kubevirt-controller-caasp ClusterRole. A ClusterRoleBinding applies in every
# namespace, so the service account may use the referenced PSP cluster-wide.
# NOTE(review): the bound role permits a PSP named "privileged"; confirm that
# cluster-wide scope is really needed for this account.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubevirt-controller-caasp
subjects:
- kind: ServiceAccount
  namespace: kubevirt
  name: kubevirt-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-controller-caasp
---
# Binds the kubevirt-handler service account (namespace kubevirt) to the
# kubevirt-handler-caasp ClusterRole. A ClusterRoleBinding applies in every
# namespace, so the service account may use the referenced PSP cluster-wide.
# NOTE(review): the subject lives in the kubevirt namespace; check whether a
# namespaced RoleBinding there would be sufficient for the handler.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubevirt-handler-caasp
subjects:
- kind: ServiceAccount
  namespace: kubevirt
  name: kubevirt-handler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-handler-caasp
---
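# Namespaced binding: lets the kubevirt-controller service account use the PSP
# named by the kubevirt-controller-caasp ClusterRole for pods in the kubevirt
# namespace only. This is the narrower counterpart of the ClusterRoleBinding
# of the same name.
# roleRef is immutable: if an earlier revision of this binding was already
# applied, delete it before applying this one.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubevirt-controller-caasp
  # Set explicitly; without it the binding is created in whatever namespace
  # kubectl is currently pointed at.
  namespace: kubevirt
roleRef:
  apiGroup: rbac.authorization.k8s.io
  # This file defines kubevirt-controller-caasp only as a ClusterRole. A
  # roleRef of kind Role looks for a namespaced Role of that name; if none
  # exists, the binding grants nothing.
  kind: ClusterRole
  name: kubevirt-controller-caasp
subjects:
- kind: ServiceAccount
  name: kubevirt-controller
  namespace: kubevirt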
---
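# Namespaced binding: lets the kubevirt-handler service account use the PSP
# named by the kubevirt-handler-caasp ClusterRole for pods in the kubevirt
# namespace only. This is the narrower counterpart of the ClusterRoleBinding
# of the same name.
# roleRef is immutable: if an earlier revision of this binding was already
# applied, delete it before applying this one.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubevirt-handler-caasp
  # Set explicitly; without it the binding is created in whatever namespace
  # kubectl is currently pointed at.
  namespace: kubevirt
roleRef:
  apiGroup: rbac.authorization.k8s.io
  # This file defines kubevirt-handler-caasp only as a ClusterRole. A roleRef
  # of kind Role looks for a namespaced Role of that name; if none exists,
  # the binding grants nothing.
  kind: ClusterRole
  name: kubevirt-handler-caasp
subjects:
- kind: ServiceAccount
  name: kubevirt-handler
  namespace: kubevirt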
