apiVersion: apps/v1 kind: Deployment metadata: name: slime-boot namespace: mesh-operator spec: replicas: 1 selector: matchLabels: name: slime-boot template: metadata: labels: name: slime-boot spec: serviceAccountName: slime-boot containers: - name: slime-boot # Replace this with the built image name image: docker.io/slimeio/slime-boot:v0.8.0 imagePullPolicy: Always env: - name: WATCH_NAMESPACE value: "" - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "slime-boot" --- apiVersion: v1 kind: ServiceAccount metadata: name: slime-boot namespace: mesh-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: slime-boot subjects: - kind: ServiceAccount name: slime-boot namespace: mesh-operator roleRef: kind: ClusterRole name: slime apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: slime rules: - apiGroups: ["networking.istio.io"] resources: ["*"] verbs: ["*"] - apiGroups: ["microservice.slime.io","config.netease.com"] resources: ["*"] verbs: ["*"] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] - apiGroups: [""] resources: ["configmaps", "services", "secrets","serviceaccounts"] verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods", "endpoints", "namespaces", "nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["rolebindings","clusterrolebindings"] verbs: ["create", "get", "list", "watch", "update", "patch", "delete"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["clusterroles","roles"] verbs: ["create", "get", "list", "watch", "update", "patch", "delete", "bind"]