apiVersion: v1 kind: ServiceAccount metadata: name: weave-scope namespace: weave labels: name: weave-scope --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: weave-scope labels: name: weave-scope rules: - apiGroups: - '' resources: - pods verbs: - get - list - watch - delete - apiGroups: - '' resources: - pods/log - services - nodes - namespaces - persistentvolumes - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - apps resources: - deployments - daemonsets - statefulsets verbs: - get - list - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - get - list - watch - apiGroups: - extensions resources: - deployments - daemonsets verbs: - get - list - watch - apiGroups: - apps resources: - deployments/scale verbs: - get - update - apiGroups: - extensions resources: - deployments/scale verbs: - get - update - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - volumesnapshot.external-storage.k8s.io resources: - volumesnapshots - volumesnapshotdatas verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: weave-scope labels: name: weave-scope roleRef: kind: ClusterRole name: weave-scope apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: weave-scope namespace: weave