apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.kruiseGame.fullname }} namespace: {{ .Values.installation.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: kruise-game-leader-election-role namespace: {{ .Values.installation.namespace }} rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: kruise-game-manager-role rules: - apiGroups: - "" resources: - events verbs: - create - patch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations verbs: - create - get - list - patch - update - watch - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - create - get - list - patch - update - watch - apiGroups: - alibabacloud.com resources: - poddnats verbs: - get - list - watch - apiGroups: - alibabacloud.com resources: - poddnats/status verbs: - get - apiGroups: - alibabacloud.com resources: - podeips verbs: - get - list - watch - apiGroups: - alibabacloud.com resources: - podeips/status verbs: - get - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - get - list - patch - update - watch - apiGroups: - apps.kruise.io resources: - podprobemarkers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps.kruise.io resources: - statefulsets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - apps.kruise.io resources: - statefulsets/status verbs: - get - patch - update - apiGroups: - "" resources: - nodes verbs: - get - list - watch - apiGroups: - "" resources: - nodes/status verbs: - get - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - "" resources: - persistentvolumeclaims/status verbs: - get - apiGroups: - "" resources: - persistentvolumes verbs: - get - list - watch - apiGroups: - "" resources: - persistentvolumes/status verbs: - get - apiGroups: - "" resources: - pods verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - pods/status verbs: - get - patch - update - apiGroups: - "" resources: - services verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - services/status verbs: - get - patch - update - apiGroups: - elbv2.k8s.aws resources: - targetgroupbindings verbs: - create - get - list - patch - update - watch - apiGroups: - elbv2.services.k8s.aws resources: - listeners verbs: - create - get - list - patch - update - watch - apiGroups: - elbv2.services.k8s.aws resources: - targetgroups verbs: - create - get - list - patch - update - watch - apiGroups: - game.kruise.io resources: - gameservers verbs: - create - delete - get - list - patch - update - watch - apiGroups: - game.kruise.io resources: - gameservers/finalizers verbs: - update - apiGroups: - game.kruise.io resources: - gameservers/status verbs: - get - patch - update - apiGroups: - game.kruise.io resources: - gameserversets verbs: - create - delete - get - list - patch - update - watch - apiGroups: - game.kruise.io resources: - gameserversets/finalizers verbs: - update - apiGroups: - game.kruise.io resources: - gameserversets/status verbs: - get - patch - update - apiGroups: - networking.k8s.io resources: - ingresses verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.k8s.io resources: - ingresses/status verbs: - get - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kruise-game-metrics-reader rules: - nonResourceURLs: - "/metrics" verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kruise-game-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kruise-game-leader-election-rolebinding namespace: {{ .Values.installation.namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kruise-game-leader-election-role subjects: - kind: ServiceAccount name: {{ .Values.kruiseGame.fullname }} namespace: {{ .Values.installation.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kruise-game-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kruise-game-manager-role subjects: - kind: ServiceAccount name: {{ .Values.kruiseGame.fullname }} namespace: {{ .Values.installation.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kruise-game-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: proxy-role subjects: - kind: ServiceAccount name: {{ .Values.kruiseGame.fullname }} namespace: {{ .Values.installation.namespace }}