Created
February 27, 2020 16:35
-
-
Save agentmilindu/fbbb0ef5a1684b96597d76d256e0c987 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name: admin | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
| roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
| configmaps [] [] [create delete deletecollection patch update get list watch] | |
| endpoints [] [] [create delete deletecollection patch update get list watch] | |
| persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch] | |
| pods [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers [] [] [create delete deletecollection patch update get list watch] | |
| services [] [] [create delete deletecollection patch update get list watch] | |
| daemonsets.apps [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.apps [] [] [create delete deletecollection patch update get list watch] | |
| statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| statefulsets.apps [] [] [create delete deletecollection patch update get list watch] | |
| horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch] | |
| cronjobs.batch [] [] [create delete deletecollection patch update get list watch] | |
| jobs.batch [] [] [create delete deletecollection patch update get list watch] | |
| daemonsets.extensions [] [] [create delete deletecollection patch update get list watch] | |
| deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| deployments.extensions [] [] [create delete deletecollection patch update get list watch] | |
| ingresses.extensions [] [] [create delete deletecollection patch update get list watch] | |
| networkpolicies.extensions [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.extensions [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| ingresses.networking.k8s.io [] [] [create delete deletecollection patch update get list watch] | |
| networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update get list watch] | |
| poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
| deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
| localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
| pods/attach [] [] [get list watch create delete deletecollection patch update] | |
| pods/exec [] [] [get list watch create delete deletecollection patch update] | |
| pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
| pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
| secrets [] [] [get list watch create delete deletecollection patch update] | |
| services/proxy [] [] [get list watch create delete deletecollection patch update] | |
| bindings [] [] [get list watch] | |
| events [] [] [get list watch] | |
| limitranges [] [] [get list watch] | |
| namespaces/status [] [] [get list watch] | |
| namespaces [] [] [get list watch] | |
| pods/log [] [] [get list watch] | |
| pods/status [] [] [get list watch] | |
| replicationcontrollers/status [] [] [get list watch] | |
| resourcequotas/status [] [] [get list watch] | |
| resourcequotas [] [] [get list watch] | |
| controllerrevisions.apps [] [] [get list watch] | |
| serviceaccounts [] [] [impersonate create delete deletecollection patch update get list watch] | |
| Name: aws-node | |
| Labels: <none> | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"aws-node"},"rules":[{"apiGroups":["... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| *.crd.k8s.amazonaws.com [] [] [*] | |
| namespaces.crd.k8s.amazonaws.com [] [] [*] | |
| namespaces [] [] [list watch get] | |
| nodes [] [] [list watch get] | |
| pods [] [] [list watch get] | |
| daemonsets.extensions [] [] [list watch] | |
| Name: cluster-admin | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| *.* [] [] [*] | |
| [*] [] [*] | |
| Name: edit | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-admin=true | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| configmaps [] [] [create delete deletecollection patch update get list watch] | |
| endpoints [] [] [create delete deletecollection patch update get list watch] | |
| persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch] | |
| pods [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers [] [] [create delete deletecollection patch update get list watch] | |
| services [] [] [create delete deletecollection patch update get list watch] | |
| daemonsets.apps [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.apps [] [] [create delete deletecollection patch update get list watch] | |
| statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
| statefulsets.apps [] [] [create delete deletecollection patch update get list watch] | |
| horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch] | |
| cronjobs.batch [] [] [create delete deletecollection patch update get list watch] | |
| jobs.batch [] [] [create delete deletecollection patch update get list watch] | |
| daemonsets.extensions [] [] [create delete deletecollection patch update get list watch] | |
| deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| deployments.extensions [] [] [create delete deletecollection patch update get list watch] | |
| ingresses.extensions [] [] [create delete deletecollection patch update get list watch] | |
| networkpolicies.extensions [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| replicasets.extensions [] [] [create delete deletecollection patch update get list watch] | |
| replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
| ingresses.networking.k8s.io [] [] [create delete deletecollection patch update get list watch] | |
| networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update get list watch] | |
| poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch] | |
| deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
| deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
| pods/attach [] [] [get list watch create delete deletecollection patch update] | |
| pods/exec [] [] [get list watch create delete deletecollection patch update] | |
| pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
| pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
| secrets [] [] [get list watch create delete deletecollection patch update] | |
| services/proxy [] [] [get list watch create delete deletecollection patch update] | |
| bindings [] [] [get list watch] | |
| events [] [] [get list watch] | |
| limitranges [] [] [get list watch] | |
| namespaces/status [] [] [get list watch] | |
| namespaces [] [] [get list watch] | |
| pods/log [] [] [get list watch] | |
| pods/status [] [] [get list watch] | |
| replicationcontrollers/status [] [] [get list watch] | |
| resourcequotas/status [] [] [get list watch] | |
| resourcequotas [] [] [get list watch] | |
| controllerrevisions.apps [] [] [get list watch] | |
| serviceaccounts [] [] [impersonate create delete deletecollection patch update get list watch] | |
| Name: eks:fargate-manager | |
| Labels: <none> | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"eks:fargate-manager"},"rules":[{"ap... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods/eviction [] [] [create] | |
| pods [] [] [get list watch delete] | |
| nodes [] [] [get list watch] | |
| Name: eks:node-bootstrapper | |
| Labels: eks.amazonaws.com/component=node | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"eks.amazonaws.com/component":"no... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| certificatesigningrequests.certificates.k8s.io/selfnodeserver [] [] [create] | |
| Name: eks:node-manager | |
| Labels: <none> | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"eks:node-manager"},"rules":[{"apiGr... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods/eviction [] [] [create] | |
| pods [] [] [get list watch delete] | |
| nodes [] [] [get list watch patch] | |
| Name: eks:podsecuritypolicy:privileged | |
| Labels: eks.amazonaws.com/component=pod-security-policy | |
| kubernetes.io/cluster-service=true | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"eks.amazonaws.com/component":"po... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| podsecuritypolicies.policy [] [eks.privileged] [use] | |
| Name: system:aggregate-to-admin | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-admin=true | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
| roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
| localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
| Name: system:aggregate-to-edit | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-edit=true | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| configmaps [] [] [create delete deletecollection patch update] | |
| endpoints [] [] [create delete deletecollection patch update] | |
| persistentvolumeclaims [] [] [create delete deletecollection patch update] | |
| pods [] [] [create delete deletecollection patch update] | |
| replicationcontrollers/scale [] [] [create delete deletecollection patch update] | |
| replicationcontrollers [] [] [create delete deletecollection patch update] | |
| services [] [] [create delete deletecollection patch update] | |
| daemonsets.apps [] [] [create delete deletecollection patch update] | |
| deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
| deployments.apps/scale [] [] [create delete deletecollection patch update] | |
| deployments.apps [] [] [create delete deletecollection patch update] | |
| replicasets.apps/scale [] [] [create delete deletecollection patch update] | |
| replicasets.apps [] [] [create delete deletecollection patch update] | |
| statefulsets.apps/scale [] [] [create delete deletecollection patch update] | |
| statefulsets.apps [] [] [create delete deletecollection patch update] | |
| horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update] | |
| cronjobs.batch [] [] [create delete deletecollection patch update] | |
| jobs.batch [] [] [create delete deletecollection patch update] | |
| daemonsets.extensions [] [] [create delete deletecollection patch update] | |
| deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
| deployments.extensions/scale [] [] [create delete deletecollection patch update] | |
| deployments.extensions [] [] [create delete deletecollection patch update] | |
| ingresses.extensions [] [] [create delete deletecollection patch update] | |
| networkpolicies.extensions [] [] [create delete deletecollection patch update] | |
| replicasets.extensions/scale [] [] [create delete deletecollection patch update] | |
| replicasets.extensions [] [] [create delete deletecollection patch update] | |
| replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update] | |
| ingresses.networking.k8s.io [] [] [create delete deletecollection patch update] | |
| networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update] | |
| poddisruptionbudgets.policy [] [] [create delete deletecollection patch update] | |
| pods/attach [] [] [get list watch create delete deletecollection patch update] | |
| pods/exec [] [] [get list watch create delete deletecollection patch update] | |
| pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
| pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
| secrets [] [] [get list watch create delete deletecollection patch update] | |
| services/proxy [] [] [get list watch create delete deletecollection patch update] | |
| serviceaccounts [] [] [impersonate create delete deletecollection patch update] | |
| Name: system:aggregate-to-view | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-view=true | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| bindings [] [] [get list watch] | |
| configmaps [] [] [get list watch] | |
| endpoints [] [] [get list watch] | |
| events [] [] [get list watch] | |
| limitranges [] [] [get list watch] | |
| namespaces/status [] [] [get list watch] | |
| namespaces [] [] [get list watch] | |
| persistentvolumeclaims [] [] [get list watch] | |
| pods/log [] [] [get list watch] | |
| pods/status [] [] [get list watch] | |
| pods [] [] [get list watch] | |
| replicationcontrollers/scale [] [] [get list watch] | |
| replicationcontrollers/status [] [] [get list watch] | |
| replicationcontrollers [] [] [get list watch] | |
| resourcequotas/status [] [] [get list watch] | |
| resourcequotas [] [] [get list watch] | |
| serviceaccounts [] [] [get list watch] | |
| services [] [] [get list watch] | |
| controllerrevisions.apps [] [] [get list watch] | |
| daemonsets.apps [] [] [get list watch] | |
| deployments.apps/scale [] [] [get list watch] | |
| deployments.apps [] [] [get list watch] | |
| replicasets.apps/scale [] [] [get list watch] | |
| replicasets.apps [] [] [get list watch] | |
| statefulsets.apps/scale [] [] [get list watch] | |
| statefulsets.apps [] [] [get list watch] | |
| horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
| cronjobs.batch [] [] [get list watch] | |
| jobs.batch [] [] [get list watch] | |
| daemonsets.extensions [] [] [get list watch] | |
| deployments.extensions/scale [] [] [get list watch] | |
| deployments.extensions [] [] [get list watch] | |
| ingresses.extensions [] [] [get list watch] | |
| networkpolicies.extensions [] [] [get list watch] | |
| replicasets.extensions/scale [] [] [get list watch] | |
| replicasets.extensions [] [] [get list watch] | |
| replicationcontrollers.extensions/scale [] [] [get list watch] | |
| ingresses.networking.k8s.io [] [] [get list watch] | |
| networkpolicies.networking.k8s.io [] [] [get list watch] | |
| poddisruptionbudgets.policy [] [] [get list watch] | |
| Name: system:auth-delegator | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| tokenreviews.authentication.k8s.io [] [] [create] | |
| subjectaccessreviews.authorization.k8s.io [] [] [create] | |
| Name: system:aws-cloud-provider | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [get patch] | |
| Name: system:basic-user | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
| selfsubjectrulesreviews.authorization.k8s.io [] [] [create] | |
| Name: system:certificates.k8s.io:certificatesigningrequests:nodeclient | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| certificatesigningrequests.certificates.k8s.io/nodeclient [] [] [create] | |
| Name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| certificatesigningrequests.certificates.k8s.io/selfnodeclient [] [] [create] | |
| Name: system:controller:attachdetach-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| volumeattachments.storage.k8s.io [] [] [create delete get list watch] | |
| events [] [] [create patch update] | |
| nodes [] [] [get list watch] | |
| csidrivers.storage.k8s.io [] [] [get list watch] | |
| persistentvolumeclaims [] [] [list watch] | |
| persistentvolumes [] [] [list watch] | |
| pods [] [] [list watch] | |
| nodes/status [] [] [patch update] | |
| Name: system:controller:certificate-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| subjectaccessreviews.authorization.k8s.io [] [] [create] | |
| certificatesigningrequests.certificates.k8s.io [] [] [delete get list watch] | |
| certificatesigningrequests.certificates.k8s.io/approval [] [] [update] | |
| certificatesigningrequests.certificates.k8s.io/status [] [] [update] | |
| Name: system:controller:clusterrole-aggregation-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| *.* [] [] [*] | |
| [*] [] [*] | |
| Name: system:controller:cronjob-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| jobs.batch [] [] [create delete get list patch update watch] | |
| events [] [] [create patch update] | |
| pods [] [] [delete list] | |
| cronjobs.batch [] [] [get list update watch] | |
| cronjobs.batch/finalizers [] [] [update] | |
| cronjobs.batch/status [] [] [update] | |
| Name: system:controller:daemon-set-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| controllerrevisions.apps [] [] [create delete get list patch update watch] | |
| pods [] [] [create delete list patch watch] | |
| events [] [] [create patch update] | |
| pods/binding [] [] [create] | |
| daemonsets.apps [] [] [get list watch] | |
| daemonsets.extensions [] [] [get list watch] | |
| nodes [] [] [list watch] | |
| daemonsets.apps/finalizers [] [] [update] | |
| daemonsets.apps/status [] [] [update] | |
| daemonsets.extensions/finalizers [] [] [update] | |
| daemonsets.extensions/status [] [] [update] | |
| Name: system:controller:deployment-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| replicasets.apps [] [] [create delete get list patch update watch] | |
| replicasets.extensions [] [] [create delete get list patch update watch] | |
| events [] [] [create patch update] | |
| pods [] [] [get list update watch] | |
| deployments.apps [] [] [get list update watch] | |
| deployments.extensions [] [] [get list update watch] | |
| deployments.apps/finalizers [] [] [update] | |
| deployments.apps/status [] [] [update] | |
| deployments.extensions/finalizers [] [] [update] | |
| deployments.extensions/status [] [] [update] | |
| Name: system:controller:disruption-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| replicationcontrollers [] [] [get list watch] | |
| deployments.apps [] [] [get list watch] | |
| replicasets.apps [] [] [get list watch] | |
| statefulsets.apps [] [] [get list watch] | |
| deployments.extensions [] [] [get list watch] | |
| replicasets.extensions [] [] [get list watch] | |
| poddisruptionbudgets.policy [] [] [get list watch] | |
| poddisruptionbudgets.policy/status [] [] [update] | |
| Name: system:controller:endpoint-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| endpoints [] [] [create delete get list update] | |
| events [] [] [create patch update] | |
| endpoints/restricted [] [] [create] | |
| pods [] [] [get list watch] | |
| services [] [] [get list watch] | |
| Name: system:controller:expand-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| persistentvolumes [] [] [get list patch update watch] | |
| persistentvolumeclaims [] [] [get list watch] | |
| storageclasses.storage.k8s.io [] [] [get list watch] | |
| endpoints [] [] [get] | |
| secrets [] [] [get] | |
| services [] [] [get] | |
| persistentvolumeclaims/status [] [] [patch update] | |
| Name: system:controller:generic-garbage-collector | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| *.* [] [] [delete get list patch update watch] | |
| Name: system:controller:horizontal-pod-autoscaler | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
| *.custom.metrics.k8s.io [] [] [get list] | |
| *.*/scale [] [] [get update] | |
| services/proxy [] [http:heapster:] [get] | |
| services/proxy [] [https:heapster:] [get] | |
| pods [] [] [list] | |
| pods.metrics.k8s.io [] [] [list] | |
| horizontalpodautoscalers.autoscaling/status [] [] [update] | |
| Name: system:controller:job-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods [] [] [create delete list patch watch] | |
| events [] [] [create patch update] | |
| jobs.batch [] [] [get list update watch] | |
| jobs.batch/finalizers [] [] [update] | |
| jobs.batch/status [] [] [update] | |
| Name: system:controller:namespace-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| *.* [] [] [delete deletecollection get list] | |
| namespaces [] [] [delete get list watch] | |
| namespaces/finalize [] [] [update] | |
| namespaces/status [] [] [update] | |
| Name: system:controller:node-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [delete get list patch update] | |
| pods [] [] [delete list] | |
| nodes/status [] [] [patch update] | |
| pods/status [] [] [update] | |
| Name: system:controller:persistent-volume-binder | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| persistentvolumes [] [] [create delete get list update watch] | |
| pods [] [] [create delete get list watch] | |
| endpoints [] [] [create delete get] | |
| services [] [] [create delete get] | |
| persistentvolumeclaims [] [] [get list update watch] | |
| storageclasses.storage.k8s.io [] [] [get list watch] | |
| nodes [] [] [get list] | |
| secrets [] [] [get] | |
| persistentvolumeclaims/status [] [] [update] | |
| persistentvolumes/status [] [] [update] | |
| events [] [] [watch create patch update] | |
| Name: system:controller:pod-garbage-collector | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods [] [] [delete list watch] | |
| nodes [] [] [list] | |
| Name: system:controller:pv-protection-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| persistentvolumes [] [] [get list update watch] | |
| Name: system:controller:pvc-protection-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| persistentvolumeclaims [] [] [get list update watch] | |
| pods [] [] [get list watch] | |
| Name: system:controller:replicaset-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods [] [] [create delete list patch watch] | |
| events [] [] [create patch update] | |
| replicasets.apps [] [] [get list update watch] | |
| replicasets.extensions [] [] [get list update watch] | |
| replicasets.apps/finalizers [] [] [update] | |
| replicasets.apps/status [] [] [update] | |
| replicasets.extensions/finalizers [] [] [update] | |
| replicasets.extensions/status [] [] [update] | |
| Name: system:controller:replication-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| pods [] [] [create delete list patch watch] | |
| events [] [] [create patch update] | |
| replicationcontrollers [] [] [get list update watch] | |
| replicationcontrollers/finalizers [] [] [update] | |
| replicationcontrollers/status [] [] [update] | |
| Name: system:controller:resourcequota-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| *.* [] [] [list watch] | |
| resourcequotas/status [] [] [update] | |
| Name: system:controller:route-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [list watch] | |
| nodes/status [] [] [patch] | |
| Name: system:controller:service-account-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| serviceaccounts [] [] [create] | |
| Name: system:controller:service-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| services [] [] [get list watch] | |
| nodes [] [] [list watch] | |
| services/status [] [] [update] | |
| Name: system:controller:statefulset-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| controllerrevisions.apps [] [] [create delete get list patch update watch] | |
| persistentvolumeclaims [] [] [create get] | |
| events [] [] [create patch update] | |
| statefulsets.apps [] [] [get list watch] | |
| pods [] [] [list watch create delete get patch update] | |
| statefulsets.apps/finalizers [] [] [update] | |
| statefulsets.apps/status [] [] [update] | |
| Name: system:controller:ttl-controller | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [list patch update watch] | |
| Name: system:coredns | |
| Labels: eks.amazonaws.com/component=coredns | |
| k8s-app=kube-dns | |
| kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: kubectl.kubernetes.io/last-applied-configuration: | |
| {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"eks.amazonaws.com/component":"co... | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| nodes [] [] [get] | |
| endpoints [] [] [list watch] | |
| namespaces [] [] [list watch] | |
| pods [] [] [list watch] | |
| services [] [] [list watch] | |
| Name: system:csi-external-attacher | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create get list patch update watch] | |
| persistentvolumes [] [] [get list patch update watch] | |
| volumeattachments.storage.k8s.io [] [] [get list patch update watch] | |
| nodes [] [] [get list watch] | |
| Name: system:csi-external-provisioner | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| persistentvolumes [] [] [create delete get list watch] | |
| events [] [] [create get list patch update watch] | |
| persistentvolumeclaims [] [] [get list patch update watch] | |
| nodes [] [] [get list watch] | |
| csinodes.storage.k8s.io [] [] [get list watch] | |
| storageclasses.storage.k8s.io [] [] [list watch] | |
| Name: system:discovery | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| [/api/*] [] [get] | |
| [/api] [] [get] | |
| [/apis/*] [] [get] | |
| [/apis] [] [get] | |
| [/healthz] [] [get] | |
| [/openapi/*] [] [get] | |
| [/openapi] [] [get] | |
| [/version/] [] [get] | |
| [/version] [] [get] | |
| Name: system:heapster | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [get list watch] | |
| namespaces [] [] [get list watch] | |
| nodes [] [] [get list watch] | |
| pods [] [] [get list watch] | |
| deployments.extensions [] [] [get list watch] | |
| Name: system:kube-aggregator | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| endpoints [] [] [get list watch] | |
| services [] [] [get list watch] | |
| Name: system:kube-controller-manager | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| secrets [] [] [create delete get update] | |
| endpoints [] [] [create get update] | |
| serviceaccounts [] [] [create get update] | |
| events [] [] [create patch update] | |
| tokenreviews.authentication.k8s.io [] [] [create] | |
| subjectaccessreviews.authorization.k8s.io [] [] [create] | |
| configmaps [] [] [get] | |
| namespaces [] [] [get] | |
| *.* [] [] [list watch] | |
| Name: system:kube-dns | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| endpoints [] [] [list watch] | |
| services [] [] [list watch] | |
| Name: system:kube-scheduler | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| bindings [] [] [create] | |
| endpoints [] [] [create] | |
| pods/binding [] [] [create] | |
| tokenreviews.authentication.k8s.io [] [] [create] | |
| subjectaccessreviews.authorization.k8s.io [] [] [create] | |
| pods [] [] [delete get list watch] | |
| endpoints [] [kube-scheduler] [delete get patch update] | |
| nodes [] [] [get list watch] | |
| persistentvolumeclaims [] [] [get list watch] | |
| persistentvolumes [] [] [get list watch] | |
| replicationcontrollers [] [] [get list watch] | |
| services [] [] [get list watch] | |
| replicasets.apps [] [] [get list watch] | |
| statefulsets.apps [] [] [get list watch] | |
| replicasets.extensions [] [] [get list watch] | |
| poddisruptionbudgets.policy [] [] [get list watch] | |
| pods/status [] [] [patch update] | |
| Name: system:kubelet-api-admin | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| nodes/log [] [] [*] | |
| nodes/metrics [] [] [*] | |
| nodes/proxy [] [] [*] | |
| nodes/spec [] [] [*] | |
| nodes/stats [] [] [*] | |
| nodes [] [] [get list watch proxy] | |
| Name: system:node | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| leases.coordination.k8s.io [] [] [create delete get patch update] | |
| csinodes.storage.k8s.io [] [] [create delete get patch update] | |
| nodes [] [] [create get list watch patch update] | |
| certificatesigningrequests.certificates.k8s.io [] [] [create get list watch] | |
| events [] [] [create patch update] | |
| pods/eviction [] [] [create] | |
| serviceaccounts/token [] [] [create] | |
| tokenreviews.authentication.k8s.io [] [] [create] | |
| localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
| subjectaccessreviews.authorization.k8s.io [] [] [create] | |
| pods [] [] [get list watch create delete] | |
| configmaps [] [] [get list watch] | |
| secrets [] [] [get list watch] | |
| services [] [] [get list watch] | |
| runtimeclasses.node.k8s.io [] [] [get list watch] | |
| csidrivers.storage.k8s.io [] [] [get list watch] | |
| persistentvolumeclaims/status [] [] [get patch update] | |
| endpoints [] [] [get] | |
| persistentvolumeclaims [] [] [get] | |
| persistentvolumes [] [] [get] | |
| volumeattachments.storage.k8s.io [] [] [get] | |
| nodes/status [] [] [patch update] | |
| pods/status [] [] [patch update] | |
| Name: system:node-bootstrapper | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| certificatesigningrequests.certificates.k8s.io [] [] [create get list watch] | |
| Name: system:node-problem-detector | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [get] | |
| nodes/status [] [] [patch] | |
| Name: system:node-proxier | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| events [] [] [create patch update] | |
| nodes [] [] [get] | |
| endpoints [] [] [list watch] | |
| services [] [] [list watch] | |
| Name: system:persistent-volume-provisioner | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| persistentvolumes [] [] [create delete get list watch] | |
| persistentvolumeclaims [] [] [get list update watch] | |
| storageclasses.storage.k8s.io [] [] [get list watch] | |
| events [] [] [watch create patch update] | |
| Name: system:public-info-viewer | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| [/healthz] [] [get] | |
| [/version/] [] [get] | |
| [/version] [] [get] | |
| Name: system:volume-scheduler | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| persistentvolumeclaims [] [] [get list patch update watch] | |
| persistentvolumes [] [] [get list patch update watch] | |
| storageclasses.storage.k8s.io [] [] [get list watch] | |
| Name: view | |
| Labels: kubernetes.io/bootstrapping=rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-edit=true | |
| Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
| PolicyRule: | |
| Resources Non-Resource URLs Resource Names Verbs | |
| --------- ----------------- -------------- ----- | |
| bindings [] [] [get list watch] | |
| configmaps [] [] [get list watch] | |
| endpoints [] [] [get list watch] | |
| events [] [] [get list watch] | |
| limitranges [] [] [get list watch] | |
| namespaces/status [] [] [get list watch] | |
| namespaces [] [] [get list watch] | |
| persistentvolumeclaims [] [] [get list watch] | |
| pods/log [] [] [get list watch] | |
| pods/status [] [] [get list watch] | |
| pods [] [] [get list watch] | |
| replicationcontrollers/scale [] [] [get list watch] | |
| replicationcontrollers/status [] [] [get list watch] | |
| replicationcontrollers [] [] [get list watch] | |
| resourcequotas/status [] [] [get list watch] | |
| resourcequotas [] [] [get list watch] | |
| serviceaccounts [] [] [get list watch] | |
| services [] [] [get list watch] | |
| controllerrevisions.apps [] [] [get list watch] | |
| daemonsets.apps [] [] [get list watch] | |
| deployments.apps/scale [] [] [get list watch] | |
| deployments.apps [] [] [get list watch] | |
| replicasets.apps/scale [] [] [get list watch] | |
| replicasets.apps [] [] [get list watch] | |
| statefulsets.apps/scale [] [] [get list watch] | |
| statefulsets.apps [] [] [get list watch] | |
| horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
| cronjobs.batch [] [] [get list watch] | |
| jobs.batch [] [] [get list watch] | |
| daemonsets.extensions [] [] [get list watch] | |
| deployments.extensions/scale [] [] [get list watch] | |
| deployments.extensions [] [] [get list watch] | |
| ingresses.extensions [] [] [get list watch] | |
| networkpolicies.extensions [] [] [get list watch] | |
| replicasets.extensions/scale [] [] [get list watch] | |
| replicasets.extensions [] [] [get list watch] | |
| replicationcontrollers.extensions/scale [] [] [get list watch] | |
| ingresses.networking.k8s.io [] [] [get list watch] | |
| networkpolicies.networking.k8s.io [] [] [get list watch] | |
| poddisruptionbudgets.policy [] [] [get list watch] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment