# for use in clusters using RBAC kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: bigip-ctlr-clusterrole rules: - apiGroups: - "" resources: - nodes - services - endpoints - namespaces verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - configmaps - events verbs: - get - list - watch - update - create - patch - apiGroups: - "extensions" resources: - ingresses/status verbs: - get - list - watch - update - create - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: bigip-ctlr-clusterrole-binding namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: bigip-ctlr-clusterrole subjects: - kind: ServiceAccount name: bigip-ctlr-serviceaccount namespace: kube-system