deploy/rbac/serviceaccount.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: flock-agent
  namespace: kube-system
---
# M1 RBAC: empty. The agent does not yet read any Kubernetes objects.
# M2+ will add Pod, NetworkPolicy, and NodeConfig permissions here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: flock-agent
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: flock-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flock-agent
subjects:
  - kind: ServiceAccount
    name: flock-agent
    namespace: kube-system
flock M1 scaffold: CNI plugin + agent + NodeConfig CRD 2026-04-24 21:17:42 -05:00			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: flock-agent`
			`namespace: kube-system`
			`---`
			`# M1 RBAC: empty. The agent does not yet read any Kubernetes objects.`
			`# M2+ will add Pod, NetworkPolicy, and NodeConfig permissions here.`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: flock-agent`
			`rules: []`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: flock-agent`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: flock-agent`
			`subjects:`
			`- kind: ServiceAccount`
			`name: flock-agent`
			`namespace: kube-system`