Add checkpoint-rbac.yaml

This allows the kubectl checkpoint plugin to create the container checkpoint.
stano45 · Aug 16, 2024 · 004ccd3 · 004ccd3
1 parent 6562997
commit 004ccd3
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/examples/container_migration_in_kubernetes/manifests/checkpoint-rbac.yaml b/examples/container_migration_in_kubernetes/manifests/checkpoint-rbac.yaml
@@ -0,0 +1,41 @@
+# checkpoint-rbac.yaml
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: checkpoint-role
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "get", "watch", "create"]
+  - apiGroups: [""]
+    resources: ["nodes/checkpoint"]
+    verbs: ["create"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: checkpoint-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: checkpoint-role
+subjects:
+  - kind: User
+    name: system:node:codingbeast
+    apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-router-checkpoint-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: checkpoint-role
+subjects:
+  - kind: ServiceAccount
+    name: kube-router
+    namespace: kube-system