config/dev/serving-certs/tls.crt

+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiSgAwIBAgIUMWbe9ReCZbOx+ZrGxrrmnwLAEPQwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNbG9jYWwtd2ViaG9vazAeFw0yNDA2MDkxMTA2MTRaFw0y
+NTA2MDkxMTA2MTRaMBgxFjAUBgNVBAMMDWxvY2FsLXdlYmhvb2swggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCT7Fk/xSQ7ABspQ1rBIV4d0elmvshkWSob
+Ga5+xgtnXkAD7XMj36Wb8IOCR8NfxVZs2PhMbiyKgkTOSfjpHj8veMEbbcSuBWsB
+WOMqlrZzvLiNFF31Hl5A//RDgzKe9RyhDMHsQ7fV9bYlsKECvUHWqhKTMVeSZTgH
+TYBX3FP2b2uRqR36Dy4iF5Qc49GpJFOCKY3qk87p/3NKgemCRbripuzsXyzmS5pl
+Zt4yk4KOAil5/hwWPiQJDhun5onO7nRX7xgi3BbkFIW5kvqdtUOHk+PvHAZ+fot7
+IQBpLs/GAdqR46/kfMBN8wFeF5Hn1u9JLMT9UxbCNy6ztijFqmCbAgMBAAGjfjB8
+MDYGA1UdEQQvMC2HBH8AAAGHBAoAAgSCCWxvY2FsaG9zdIIUd2ViaG9vay1zZXJ2
+ZXIubG9jYWwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G
+A1UdDgQWBBRBfDw/L2GiRscpR4sQvRjOoUV/MDANBgkqhkiG9w0BAQsFAAOCAQEA
+WunQMC+EqvCrN6cGGkyIenNw3V1SVAneuvcTIoWxsRFINI2ubRBWDe5ZxkDLvJKH
+ou8Yq9jyxJehxGkr8yoIoYaDqEo4YBlmQSm7TJ34N5kVJGoy/GrZ/IwMtjA/6QMQ
+CjCXwAC4KmNfpEk6y3qcjxZcGQE+YRuIbms4YKPiDmR0duY+umMJAzDmqliGXThe
+rnoeweOz+koIHYSx8g9ZApg51rc0EoNyqoxcwTV7Q0BTtGB9DQUxbRyZZNLaOr6r
+BfR00zg7tIKmIe2wXEVREkDGPoOY+F6nPcYEYdMyepODaRKsvj8x0/ghbf60nu7H
+4JwUiMr6JP0LSHNDXbgWPQ==
+-----END CERTIFICATE-----

config/dev/serving-certs/tls.key

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCT7Fk/xSQ7ABsp
+Q1rBIV4d0elmvshkWSobGa5+xgtnXkAD7XMj36Wb8IOCR8NfxVZs2PhMbiyKgkTO
+SfjpHj8veMEbbcSuBWsBWOMqlrZzvLiNFF31Hl5A//RDgzKe9RyhDMHsQ7fV9bYl
+sKECvUHWqhKTMVeSZTgHTYBX3FP2b2uRqR36Dy4iF5Qc49GpJFOCKY3qk87p/3NK
+gemCRbripuzsXyzmS5plZt4yk4KOAil5/hwWPiQJDhun5onO7nRX7xgi3BbkFIW5
+kvqdtUOHk+PvHAZ+fot7IQBpLs/GAdqR46/kfMBN8wFeF5Hn1u9JLMT9UxbCNy6z
+tijFqmCbAgMBAAECggEARo+xqyfBNpvAWRiWDBZ8rMDbE3XiZWvbF/5SLIsQGYju
+BHGaQPyIJTC/qr/MxLx/k4CUQPE1MgUeCUFkCN+yyFRT2V+tOE3BU20xP7mQ4vid
+GD8k6q5Hy73MqP/Gf+jwdSp+vtM2uEtzTdtJkuLwqxOJtMkOuvipl2Iy3LZvHtgh
+pdPYMp6wb0j/QDjaLCKw/7WosGcLLmAnBZAe+I7J2xDwirZTQYfVVqYTgaoh1UFX
+YpHWJ7oc/2vxWJA7K4m+rjx76X02eC/FkJYSlHJz8+IddRq29HVxHeS/mj4LLAvD
+Zh2LU0rZLjXtYepevZ8jSBfrCauUg8opCqOKTMxQwQKBgQDLNZE/qIr1H8s5M+OK
+KAmhfHoM6ZoKFcGx8YAn8sVfLqbu6iC6E0/uIvNRGbVhL3ZJCjPBBOlV3l6h2oth
+HKDsCkGoWMUsVDOgM1i/n6wt2H0DL4771NyuabRprUSD745kbiVBjGUklMdSGDOV
+TpFPMxM7bGrmhf0RnUJlaCkHawKBgQC6WfwTQ4XNfVDe+FRsvThDpkeurkU5cXCh
+HmG1b3wlUF4q0i9EQ3TPy5Y0gyEWJ9XRG52KVlxyorGQ25uweDhSTmeqmhwoT5gR
+Ip8GlFNFv/EEny/q4ViTpvhcPbpUqiASGwXw0YgR9jOIbSZkmOVysZBEOedNcR8Z
+l7urhDvHkQKBgHIO+h0CDCT0GIxd/JyCRo2Woab3w5dfiN3JEMbbdD8tn1NApOfs
+iRPAGFRwGqeXDUyH5m6zxAiHjRRJ56u1dvml9B563Qk5pdSInYrJI8qD1f9gxV/C
+pa9b84DRWUC4yHLEhDLbi7XRsGL65JEsjVEn+OaEvyfvExG89BSZN1ZLAoGAIZ2F
+2Tu+8Th/1BjbsdnYQmvGVn5dQmVyOb4vRflcXabHtdXAbQH2Gl3RNJvK5iI9ccEX
+hBLcDlnGyiizRvwIvOAj1ySBm8vv1Hd4VEmBU/2xznGgxS/tOIVQG+OOryMZMerq
+AWzqrMLKvPtjh5YFHdFmAsinLtMPFyDF28S4u+ECgYBO8U9WhdBM5TSocmoH6al5
+OT9FgdhKi5BDDjvR/kZ4o0qP4Ku2xbWWK851UCvyk9CDRG3CPCcRYBOuZyZ8CwZS
+tdZH2AdiZekmcD4wOJqbzYNu6PL60RVSsCKJhyk4gBtAZrsFYZ/aAkG2GpEYKrno
+NBOcK40GdpwmjpUhhbEsvw==
+-----END PRIVATE KEY-----

config/dev/webhookcainjection_patch.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  labels:
+    app.kubernetes.io/name: mutatingwebhookconfiguration
+    app.kubernetes.io/instance: mutating-webhook-configuration
+    app.kubernetes.io/component: webhook
+    app.kubernetes.io/created-by: controllermanager
+    app.kubernetes.io/part-of: controllermanager
+    app.kubernetes.io/managed-by: kustomize
+  name: mutating-webhook-configuration
+webhooks:
+  - name: mpod.kb.io
+    clientConfig:
+      url: https://192.168.122.60:9443/mutate-v1-pod
+      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIVENDQWdXZ0F3SUJBZ0lVS1B3bFFOc0RrOTc2Uk5NMGRVQ2l4c2dxNk5Fd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dERVdNQlFHQTFVRUF3d05iRzlqWVd3dGQyVmlhRzl2YXpBZUZ3MHlOREV3TURNd05ESXdOREJhRncweQpOVEV3TURNd05ESXdOREJhTUJneEZqQVVCZ05WQkFNTURXeHZZMkZzTFhkbFltaHZiMnN3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM4aDQ5S0Y0Y0hvS1dDVVU2ZmdJdXdvWXNvVm1mZkFSRjYKYVF1ZHlCektZaVRaNUxlYUZjUlp6dmg0U2RLZllhQmI5ZW9RU1hsUUhWU3lXVjN2MWFrRWRpcWxiWXJpRzhRLwp0UWFIZHpZT05rcEc0aHQyRW04cDN5Q08vTkhlRHNtZ3JBQ1pYWEFxNDFuai9qcHFQd2xDUkdwQk9Sa3dTeXZZCjJmUWM3Z1pKbFY3ZmUzbE9LcTA1UzFYSElqdU9zbnArMHdqa1I1VnIyQ1J3a0ZGYkIvTnBRRnZtbWhwQWJQNEIKYmJlT0Q5Y1FCakVPWjN5aVlJQWZ5RVp0MEIyZUo5S1EzUlcrbTFlSHFYSnFEakhrVXlpZUZuRE5hdzdCMXpjTwo1bGcxVGxZQWRxNWZoV21KTlBZbjNjdWtvS0tKL2xiQk80Z2pjL3AzY2tnY3VMWGMydlRYQWdNQkFBR2pYekJkCk1EWUdBMVVkRVFRdk1DMkhCSDhBQUFHSEJNQ29lanlDQ1d4dlkyRnNhRzl6ZElJVWQyVmlhRzl2YXkxelpYSjIKWlhJdWJHOWpZV3d3RGdZRFZSMFBBUUgvQkFRREFnV2dNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ3kwNlZGOEgzMG5vVVpwSW9STWQwSG5NRzA3aHdpNzZOU1hvZFZjN1E4CndHR09qR3h5czZ6M0NJQmEySEp2M0VRUWhzajEvN0VrM1EyVUorRWlweDNpNTlocDNRYWw2SzFvdzFXRlowNEEKTHh0Mm03eCs4Nmh3Q2NaWGpDNmVNdnhORTFEUmJuRnJTRElaR044akNtZHN2WjdqOXUrSUV0cVEwSWNML3AzWgpIdHJoc0ZzTU5BdnU2MDRZSmhPdTlid1NoOVNNQlo1bHcwOTRJU2Z4NDdFVXQzM1F2UXZWMkVncDNoa2lWR1A2Ci91YnhXWWpJQzd3Zk9wZ0dsc2tEZ1RUSnlZTWM1WEI2UlAwaWdZdGhoWlpNVWhtV1g1VEpKZWV5c2RLa0oyMkEKRkptZ1c5em1kNHVlb05IM0JPcjZlK3YyVlhHcUxuME54RlFXaUl2NUsyRFMKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    rules:
+      - operations: [ "CREATE", "UPDATE" ]
+        apiGroups: [""]
+        apiVersions: ["v1"]
+        resources: ["pods"]
+    failurePolicy: Ignore
+    sideEffects: None
+    admissionReviewVersions: ["v1"]
+    objectSelector:
+      matchLabels:
+        l2sm: "true"

config/manager/kustomization.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: alexdecb/l2sm-controller-manager
+  newTag: 2.7.1

config/manager/manager.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: namespace
+    app.kubernetes.io/instance: system
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: deployment
+    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      # TODO(user): Uncomment the following code to configure the nodeAffinity expression
+      # according to the platforms which are supported by your solution.
+      # It is considered best practice to support multiple architectures. You can
+      # build your manager image using the makefile target docker-buildx.
+      # affinity:
+      #   nodeAffinity:
+      #     requiredDuringSchedulingIgnoredDuringExecution:
+      #       nodeSelectorTerms:
+      #         - matchExpressions:
+      #           - key: kubernetes.io/arch
+      #             operator: In
+      #             values:
+      #               - amd64
+      #               - arm64
+      #               - ppc64le
+      #               - s390x
+      #           - key: kubernetes.io/os
+      #             operator: In
+      #             values:
+      #               - linux
+      securityContext:
+        runAsNonRoot: true
+        # TODO(user): For common cases that do not require escalating privileges
+        # it is recommended to ensure that all your Pods/Containers are restrictive.
+        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
+        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
+        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
+        # seccompProfile:
+        #   type: RuntimeDefault
+      containers:
+      - command:
+        - /manager
+        args:
+        - --leader-elect
+        env:
+        - name: CONTROLLER_IP
+          value: l2sm-controller-service.l2sm-system.svc.cluster.local
+        - name: CONTROLLER_PORT
+          value: "8181"
+        - name: SWITCHES_NAMESPACE
+          value: "l2sm-system"
+        image: controller:latest
+        name: manager
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - "ALL"
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        # TODO(user): Configure the resources accordingly based on the project requirements.
+        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+      serviceAccountName: controller-manager
+      terminationGracePeriodSeconds: 10

config/prometheus/kustomization.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+- monitor.yaml

config/prometheus/monitor.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: servicemonitor
+    app.kubernetes.io/instance: controller-manager-metrics-monitor
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager-metrics-monitor
+  namespace: system
+spec:
+  endpoints:
+    - path: /metrics
+      port: https
+      scheme: https
+      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+      tlsConfig:
+        insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: controller-manager

config/rbac/auth_proxy_client_clusterrole.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: metrics-reader
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get

config/rbac/auth_proxy_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: proxy-role
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create

config/rbac/auth_proxy_role_binding.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/instance: proxy-rolebinding
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/auth_proxy_service.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager

config/rbac/kustomization.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml

config/rbac/l2overlay_editor_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to edit networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: networkedgedevice-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: networkedgedevice-editor-role
+rules:
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices/status
+  verbs:
+  - get

config/rbac/l2smmdnoverlay_viewer_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: networkedgedevice-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: networkedgedevice-viewer-role
+rules:
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices/status
+  verbs:
+  - get

config/rbac/l2smnetwork_editor_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to edit l2networks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: l2network-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: l2network-editor-role
+rules:
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - l2networks
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - l2networks/status
+  verbs:
+  - get

config/rbac/l2smnetwork_viewer_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view l2networks.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: l2network-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: l2network-viewer-role
+rules:
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - l2networks
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - l2networks/status
+  verbs:
+  - get

config/rbac/l2smoverlay_viewer_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions for end users to view networkedgedevices.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: networkedgedevice-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: networkedgedevice-viewer-role
+rules:
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - networkedgedevices/status
+  verbs:
+  - get

config/rbac/leader_election_role.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: role
+    app.kubernetes.io/instance: leader-election-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

config/rbac/leader_election_role_binding.yaml

+# Copyright 2024 Universidad Carlos III de Madrid
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/instance: leader-election-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: l2network
+    app.kubernetes.io/part-of: l2network
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system