Skip to content

Instantly share code, notes, and snippets.

@djschny

djschny/restore.json Secret

Created August 9, 2017 01:57
Show Gist options
  • Save djschny/f0879b2173478ce03238b0a68e4345c4 to your computer and use it in GitHub Desktop.
Save djschny/f0879b2173478ce03238b0a68e4345c4 to your computer and use it in GitHub Desktop.
Download ZIP
error from restoring into cluster with ark
Raw
restore.json
{
"kind": "Restore",
"apiVersion": "ark.heptio.com/v1",
"metadata": {
"name": "everything4-20170809011033",
"namespace": "heptio-ark",
"selfLink": "/apis/ark.heptio.com/v1/namespaces/heptio-ark/restores/everything4-20170809011033",
"uid": "8b262e38-7c9f-11e7-8fdb-42010a800099",
"resourceVersion": "1896",
"creationTimestamp": "2017-08-09T01:10:33Z"
},
"spec": {
"backupName": "everything4",
"namespaces": [
"*"
],
"namespaceMapping": {},
"labelSelector": null,
"restorePVs": true
},
"status": {
"phase": "Completed",
"validationErrors": null,
"warnings": {
"ark": null,
"cluster": [
"apiservices.apiregistration.k8s.io \"v1.\" already exists",
"apiservices.apiregistration.k8s.io \"v1.ark.heptio.com\" already exists",
"apiservices.apiregistration.k8s.io \"v1.authorization.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1.autoscaling\" already exists",
"apiservices.apiregistration.k8s.io \"v1.batch\" already exists",
"apiservices.apiregistration.k8s.io \"v1.networking.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1.storage.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.apiextensions.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.apps\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.authorization.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.certificates.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.extensions\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.policy\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.rbac.authorization.k8s.io\" already exists",
"apiservices.apiregistration.k8s.io \"v1beta1.storage.k8s.io\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"ark\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"cluster-admin\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"event-exporter-rb\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"gce:beta:kubelet-certificate-bootstrap\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"gce:beta:kubelet-certificate-rotation\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"heapster-binding\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"kube-apiserver-kubelet-api-admin\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"kubelet-cluster-admin\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"npd-binding\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:basic-user\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:attachdetach-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:certificate-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:cronjob-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:daemon-set-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:deployment-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:disruption-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:endpoint-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:generic-garbage-collector\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:horizontal-pod-autoscaler\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:job-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:namespace-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:node-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:persistent-volume-binder\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:pod-garbage-collector\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:replicaset-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:replication-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:resourcequota-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:route-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:service-account-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:service-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:statefulset-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:controller:ttl-controller\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:discovery\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:kube-controller-manager\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:kube-dns-autoscaler\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:kube-dns\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:kube-scheduler\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:node-proxier\" already exists",
"clusterrolebindings.rbac.authorization.k8s.io \"system:node\" already exists",
"clusterroles.rbac.authorization.k8s.io \"ark\" already exists",
"clusterroles.rbac.authorization.k8s.io \"gce:beta:kubelet-certificate-bootstrap\" already exists",
"clusterroles.rbac.authorization.k8s.io \"gce:beta:kubelet-certificate-rotation\" already exists",
"clusterroles.rbac.authorization.k8s.io \"system:auth-delegator\" already exists",
"clusterroles.rbac.authorization.k8s.io \"system:basic-user\" already exists",
"clusterroles.rbac.authorization.k8s.io \"system:discovery\" already exists",
"clusterroles.rbac.authorization.k8s.io \"system:kube-dns\" already exists",
"customresourcedefinitions.apiextensions.k8s.io \"backups.ark.heptio.com\" already exists",
"customresourcedefinitions.apiextensions.k8s.io \"configs.ark.heptio.com\" already exists",
"customresourcedefinitions.apiextensions.k8s.io \"restores.ark.heptio.com\" already exists",
"customresourcedefinitions.apiextensions.k8s.io \"schedules.ark.heptio.com\" already exists",
"storageclasses.storage.k8s.io \"standard\" already exists"
],
"namespaces": {
"default": [
"endpoints \"kubernetes\" already exists",
"limitranges \"limits\" already exists",
"serviceaccounts \"default\" already exists",
"services \"kubernetes\" already exists"
],
"kube-instrumentation": [
"serviceaccounts \"default\" already exists"
],
"kube-public": [
"rolebindings.rbac.authorization.k8s.io \"system:controller:bootstrap-signer\" already exists",
"serviceaccounts \"default\" already exists"
]
}
},
"errors": {
"ark": null,
"cluster": [
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/admin.json: clusterroles.rbac.authorization.k8s.io \"admin\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"bindings\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"limitranges\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/log\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"impersonate\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"rolebindings\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"rolebindings\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"rolebindings\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"rolebindings\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"rolebindings\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"roles\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"roles\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"roles\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"roles\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"roles\"], APIGroups:[\"rbac.authorization.k8s.io\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/cluster-admin.json: clusterroles.rbac.authorization.k8s.io \"cluster-admin\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"*\"]} PolicyRule{NonResourceURLs:[\"*\"], Verbs:[\"*\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/edit.json: clusterroles.rbac.authorization.k8s.io \"edit\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/attach\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/exec\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/portforward\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods/proxy\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"services/proxy\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"bindings\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"limitranges\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/log\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"impersonate\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/rollback\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/kubelet-api-admin.json: clusterroles.rbac.authorization.k8s.io \"kubelet-api-admin\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes/proxy\"], APIGroups:[\"\"], Verbs:[\"*\"]} PolicyRule{Resources:[\"nodes/log\"], APIGroups:[\"\"], Verbs:[\"*\"]} PolicyRule{Resources:[\"nodes/stats\"], APIGroups:[\"\"], Verbs:[\"*\"]} PolicyRule{Resources:[\"nodes/metrics\"], APIGroups:[\"\"], Verbs:[\"*\"]} PolicyRule{Resources:[\"nodes/spec\"], APIGroups:[\"\"], Verbs:[\"*\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:attachdetach-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:attachdetach-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:certificate-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:certificate-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"certificatesigningrequests\"], APIGroups:[\"certificates.k8s.io\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"certificatesigningrequests/approval\"], APIGroups:[\"certificates.k8s.io\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"certificatesigningrequests/status\"], APIGroups:[\"certificates.k8s.io\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:cronjob-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:cronjob-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"cronjobs/status\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:daemon-set-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:daemon-set-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"daemonsets/status\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:deployment-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:deployment-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/status\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/status\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:disruption-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:disruption-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"poddisruptionbudgets\"], APIGroups:[\"policy\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"poddisruptionbudgets/status\"], APIGroups:[\"policy\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:endpoint-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:endpoint-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:generic-garbage-collector.json: clusterroles.rbac.authorization.k8s.io \"system:controller:generic-garbage-collector\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:horizontal-pod-autoscaler.json: clusterroles.rbac.authorization.k8s.io \"system:controller:horizontal-pod-autoscaler\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"horizontalpodautoscalers/status\"], APIGroups:[\"autoscaling\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"services\"], ResourceNames:[\"http:heapster:\"], APIGroups:[\"\"], Verbs:[\"proxy\"]} PolicyRule{Resources:[\"services\"], ResourceNames:[\"https:heapster:\"], APIGroups:[\"\"], Verbs:[\"proxy\"]} PolicyRule{Resources:[\"services/proxy\"], ResourceNames:[\"http:heapster:\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services/proxy\"], ResourceNames:[\"https:heapster:\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:job-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:job-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"jobs/status\"], APIGroups:[\"batch\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:namespace-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:namespace-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces/finalize\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"namespaces/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"deletecollection\"]} PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:node-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:node-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:persistent-volume-binder.json: clusterroles.rbac.authorization.k8s.io \"system:controller:persistent-volume-binder\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumes/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumeclaims/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"storageclasses\"], APIGroups:[\"storage.k8s.io\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:pod-garbage-collector.json: clusterroles.rbac.authorization.k8s.io \"system:controller:pod-garbage-collector\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:replicaset-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:replicaset-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/status\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:replication-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:replication-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:resourcequota-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:resourcequota-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"resourcequotas/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:route-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:route-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:service-account-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:service-account-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:service-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:service-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:statefulset-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:statefulset-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets/status\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"controllerrevisions\"], APIGroups:[\"apps\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:controller:ttl-controller.json: clusterroles.rbac.authorization.k8s.io \"system:controller:ttl-controller\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:heapster.json: clusterroles.rbac.authorization.k8s.io \"system:heapster\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:kube-aggregator.json: clusterroles.rbac.authorization.k8s.io \"system:kube-aggregator\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:kube-controller-manager.json: clusterroles.rbac.authorization.k8s.io \"system:kube-controller-manager\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:kube-dns-autoscaler.json: clusterroles.rbac.authorization.k8s.io \"system:kube-dns-autoscaler\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:kube-scheduler.json: clusterroles.rbac.authorization.k8s.io \"system:kube-scheduler\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"endpoints\"], ResourceNames:[\"kube-scheduler\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"endpoints\"], ResourceNames:[\"kube-scheduler\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], ResourceNames:[\"kube-scheduler\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"endpoints\"], ResourceNames:[\"kube-scheduler\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:node-bootstrapper.json: clusterroles.rbac.authorization.k8s.io \"system:node-bootstrapper\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"certificatesigningrequests\"], APIGroups:[\"certificates.k8s.io\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:node-problem-detector.json: clusterroles.rbac.authorization.k8s.io \"system:node-problem-detector\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:node-proxier.json: clusterroles.rbac.authorization.k8s.io \"system:node-proxier\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:node.json: clusterroles.rbac.authorization.k8s.io \"system:node\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"nodes\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"secrets\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"certificatesigningrequests\"], APIGroups:[\"certificates.k8s.io\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/system:persistent-volume-provisioner.json: clusterroles.rbac.authorization.k8s.io \"system:persistent-volume-provisioner\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"delete\"]} PolicyRule{Resources:[\"persistentvolumes\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"storageclasses\"], APIGroups:[\"storage.k8s.io\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]",
"error restoring /tmp/432734394/cluster/clusterroles.rbac.authorization.k8s.io/view.json: clusterroles.rbac.authorization.k8s.io \"view\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"endpoints\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"persistentvolumeclaims\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"serviceaccounts\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"services\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"bindings\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"limitranges\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/log\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"pods/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"resourcequotas/status\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"namespaces\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"statefulsets\"], APIGroups:[\"apps\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"horizontalpodautoscalers\"], APIGroups:[\"autoscaling\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"cronjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"jobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"scheduledjobs\"], APIGroups:[\"batch\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"daemonsets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"deployments/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"ingresses\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicasets/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"replicationcontrollers/scale\"], APIGroups:[\"extensions\"], Verbs:[\"get\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]"
],
"namespaces": {
"kube-public": [
"error restoring /tmp/432734394/namespaces/kube-public/roles.rbac.authorization.k8s.io/system:controller:bootstrap-signer.json: roles.rbac.authorization.k8s.io \"system:controller:bootstrap-signer\" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:[\"configmaps\"], APIGroups:[\"\"], Verbs:[\"get\"]} PolicyRule{Resources:[\"configmaps\"], ResourceNames:[\"cluster-info\"], APIGroups:[\"\"], Verbs:[\"update\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"patch\"]} PolicyRule{Resources:[\"events\"], APIGroups:[\"\"], Verbs:[\"update\"]}] user=\u0026{system:serviceaccount:heptio-ark:ark 726c6804-7c9f-11e7-8fdb-42010a800099 [system:serviceaccounts system:serviceaccounts:heptio-ark system:authenticated] map[]} ownerrules=[PolicyRule{Resources:[\"*\"], APIGroups:[\"*\"], Verbs:[\"list\" \"watch\" \"create\"]} PolicyRule{Resources:[\"customresourcedefinitions\"], APIGroups:[\"apiextensions.k8s.io\"], Verbs:[\"create\"]} PolicyRule{Resources:[\"selfsubjectaccessreviews\"], APIGroups:[\"authorization.k8s.io\"], Verbs:[\"create\"]} PolicyRule{NonResourceURLs:[\"/api\" \"/api/*\" \"/apis\" \"/apis/*\" \"/healthz\" \"/swaggerapi\" \"/swaggerapi/*\" \"/version\"], Verbs:[\"get\"]}] ruleResolutionErrors=[]"
]
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment