## ServiceAccount apiVersion: v1 kind: ServiceAccount metadata: namespace: kube-system name: traefik-ingress-controller --- ## ClusterRole kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller namespace: kube-system rules: - apiGroups: - "" resources: - services - endpoints - secrets verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses - ingressclasses verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - traefik.containo.us resources: - ingressroutes - ingressroutetcps - ingressrouteudps - middlewares - tlsoptions - tlsstores - traefikservices - serverstransports verbs: - get - list - watch - apiGroups: - networking.x-k8s.io resources: - gatewayclasses - gatewayclasses/status - gateways verbs: - get - list - watch - apiGroups: - networking.x-k8s.io resources: - gatewayclasses/status verbs: - get - patch - update - apiGroups: - networking.x-k8s.io resources: - gateways/status verbs: - get - patch - update - apiGroups: - networking.x-k8s.io resources: - httproutes verbs: - create - delete - get - list - patch - update - watch - apiGroups: - networking.x-k8s.io resources: - httproutes/status verbs: - get - patch - update --- ## ClusterRoleBinding kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount name: traefik-ingress-controller namespace: kube-system