@aweiteka
Created January 17, 2019 16:50
OpenShift Dedicated clusterroles -- dedicated-cluster-admin and dedicated-project-admin
---
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
  annotations:
    authorization.openshift.io/system-only: "true"
  creationTimestamp: null
  name: dedicated-cluster-admin
rules:
- apiGroups:
  - ""
  - user.openshift.io
  attributeRestrictions: null
  resources:
  - groups
  - identities
  - useridentitymappings
  - users
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  attributeRestrictions: null
  resources:
  - clusterrolebindings
  - rolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  attributeRestrictions: null
  resources:
  - clusterrolebindings
  - rolebindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - oauth.openshift.io
  attributeRestrictions: null
  resources:
  - oauthclients
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - oauth.openshift.io
  attributeRestrictions: null
  resources:
  - oauthclientauthorizations
  verbs:
  - delete
  - get
  - list
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  attributeRestrictions: null
  resources:
  - resourceaccessreviews
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  attributeRestrictions: null
  resources:
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - ""
  - project.openshift.io
  attributeRestrictions: null
  resources:
  - projectrequests
  verbs:
  - create
- apiGroups:
  - ""
  attributeRestrictions: null
  resources:
  - events
  - minions
  - nodes
  - persistentvolumes
  - pods
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - security.openshift.io
  attributeRestrictions: null
  resources:
  - securitycontextconstraints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - quota.openshift.io
  attributeRestrictions: null
  resources:
  - clusterresourcequotas
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  attributeRestrictions: null
  resources:
  - clusterpolicybindings
  verbs:
  - get
  - list
- apiGroups:
  - ""
  - image.openshift.io
  attributeRestrictions: null
  resources:
  - images
  - imagestreamtags
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - network.openshift.io
  attributeRestrictions: null
  resources:
  - netnamespaces
  verbs:
  - get
  - list
  - update
- apiGroups:
  - ""
  - network.openshift.io
  attributeRestrictions: null
  resources:
  - clusternetworks
  verbs:
  - get
  - list
- apiGroups:
  - ""
  - build.openshift.io
  attributeRestrictions: null
  resources:
  - buildconfigs
  - builds
  verbs:
  - get
  - list
  - watch
---
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
  annotations:
    authorization.openshift.io/system-only: "true"
  creationTimestamp: null
  name: dedicated-project-admin
rules:
- apiGroups:
  - ""
  attributeRestrictions: null
  resources:
  - limitranges
  - resourcequotas
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - network.openshift.io
  attributeRestrictions: null
  resources:
  - egressnetworkpolicies
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - extensions
  attributeRestrictions: null
  resources:
  - daemonsets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch