From 5ce4d37f147248ac321c10fbecce743ae0b3eb43 Mon Sep 17 00:00:00 2001
From: Tsuzu <8574909+tsuzu@users.noreply.github.com>
Date: Thu, 16 Mar 2023 01:35:19 +0900
Subject: [PATCH] Add tetrapod_clients.yaml

---
 controlplane/config/rbac/kustomization.yaml   |  1 +
 .../config/rbac/tetrapod_clients.yaml         | 60 +++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 controlplane/config/rbac/tetrapod_clients.yaml

diff --git a/controlplane/config/rbac/kustomization.yaml b/controlplane/config/rbac/kustomization.yaml
index 731832a6a..370f0ae02 100644
--- a/controlplane/config/rbac/kustomization.yaml
+++ b/controlplane/config/rbac/kustomization.yaml
@@ -16,3 +16,4 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
+- tetrapod_clients.yaml
diff --git a/controlplane/config/rbac/tetrapod_clients.yaml b/controlplane/config/rbac/tetrapod_clients.yaml
new file mode 100644
index 000000000..49cc1ff6a
--- /dev/null
+++ b/controlplane/config/rbac/tetrapod_clients.yaml
@@ -0,0 +1,60 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tetrapod-clients-role
+rules:
+# CIDRClaimTemplates
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - cidrclaimtemplates
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - cidrclaimtemplates/status
+  verbs:
+  - get
+
+# CIDRClaims
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - cidrclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - cidrclaims/status
+  verbs:
+  - get
+
+# PeerNodes
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - peernodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - controlplane.miscord.win
+  resources:
+  - peernodes/status
+  verbs:
+  - get