Created
May 20, 2024 22:20
-
-
Save jenting/493cad236a8b63a2514b19de19e03b5e to your computer and use it in GitHub Desktop.
Kubeadm ClusterRole
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aggregationRule: | |
| clusterRoleSelectors: | |
| - matchLabels: | |
| rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| annotations: | |
| rbac.authorization.kubernetes.io/autoupdate: "true" | |
| labels: | |
| kubernetes.io/bootstrapping: rbac-defaults | |
| name: admin | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/attach | |
| - pods/exec | |
| - pods/portforward | |
| - pods/proxy | |
| - secrets | |
| - services/proxy | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - serviceaccounts | |
| verbs: | |
| - impersonate | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - pods/attach | |
| - pods/exec | |
| - pods/portforward | |
| - pods/proxy | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/eviction | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - events | |
| - persistentvolumeclaims | |
| - replicationcontrollers | |
| - replicationcontrollers/scale | |
| - secrets | |
| - serviceaccounts | |
| - services | |
| - services/proxy | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - serviceaccounts/token | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - daemonsets | |
| - deployments | |
| - deployments/rollback | |
| - deployments/scale | |
| - replicasets | |
| - replicasets/scale | |
| - statefulsets | |
| - statefulsets/scale | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - cronjobs | |
| - jobs | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - daemonsets | |
| - deployments | |
| - deployments/rollback | |
| - deployments/scale | |
| - ingresses | |
| - networkpolicies | |
| - replicasets | |
| - replicasets/scale | |
| - replicationcontrollers/scale | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| - networkpolicies | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - endpoints | |
| - persistentvolumeclaims | |
| - persistentvolumeclaims/status | |
| - pods | |
| - replicationcontrollers | |
| - replicationcontrollers/scale | |
| - serviceaccounts | |
| - services | |
| - services/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - bindings | |
| - events | |
| - limitranges | |
| - namespaces/status | |
| - pods/log | |
| - pods/status | |
| - replicationcontrollers/status | |
| - resourcequotas | |
| - resourcequotas/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - namespaces | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - discovery.k8s.io | |
| resources: | |
| - endpointslices | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - controllerrevisions | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - statefulsets | |
| - statefulsets/scale | |
| - statefulsets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| - horizontalpodautoscalers/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - cronjobs | |
| - cronjobs/status | |
| - jobs | |
| - jobs/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - replicationcontrollers/scale | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| - poddisruptionbudgets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - authorization.k8s.io | |
| resources: | |
| - localsubjectaccessreviews | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - rbac.authorization.k8s.io | |
| resources: | |
| - rolebindings | |
| - roles | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aggregationRule: | |
| clusterRoleSelectors: | |
| - matchLabels: | |
| rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| annotations: | |
| rbac.authorization.kubernetes.io/autoupdate: "true" | |
| labels: | |
| kubernetes.io/bootstrapping: rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
| name: edit | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/attach | |
| - pods/exec | |
| - pods/portforward | |
| - pods/proxy | |
| - secrets | |
| - services/proxy | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - serviceaccounts | |
| verbs: | |
| - impersonate | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| - pods/attach | |
| - pods/exec | |
| - pods/portforward | |
| - pods/proxy | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/eviction | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - events | |
| - persistentvolumeclaims | |
| - replicationcontrollers | |
| - replicationcontrollers/scale | |
| - secrets | |
| - serviceaccounts | |
| - services | |
| - services/proxy | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - serviceaccounts/token | |
| verbs: | |
| - create | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - daemonsets | |
| - deployments | |
| - deployments/rollback | |
| - deployments/scale | |
| - replicasets | |
| - replicasets/scale | |
| - statefulsets | |
| - statefulsets/scale | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - cronjobs | |
| - jobs | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - daemonsets | |
| - deployments | |
| - deployments/rollback | |
| - deployments/scale | |
| - ingresses | |
| - networkpolicies | |
| - replicasets | |
| - replicasets/scale | |
| - replicationcontrollers/scale | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| - networkpolicies | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - patch | |
| - update | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - create | |
| - delete | |
| - deletecollection | |
| - get | |
| - list | |
| - patch | |
| - update | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - endpoints | |
| - persistentvolumeclaims | |
| - persistentvolumeclaims/status | |
| - pods | |
| - replicationcontrollers | |
| - replicationcontrollers/scale | |
| - serviceaccounts | |
| - services | |
| - services/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - bindings | |
| - events | |
| - limitranges | |
| - namespaces/status | |
| - pods/log | |
| - pods/status | |
| - replicationcontrollers/status | |
| - resourcequotas | |
| - resourcequotas/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - namespaces | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - discovery.k8s.io | |
| resources: | |
| - endpointslices | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - controllerrevisions | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - statefulsets | |
| - statefulsets/scale | |
| - statefulsets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| - horizontalpodautoscalers/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - cronjobs | |
| - cronjobs/status | |
| - jobs | |
| - jobs/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - replicationcontrollers/scale | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| - poddisruptionbudgets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| verbs: | |
| - get | |
| - list | |
| - watch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aggregationRule: | |
| clusterRoleSelectors: | |
| - matchLabels: | |
| rbac.authorization.k8s.io/aggregate-to-view: "true" | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| annotations: | |
| rbac.authorization.kubernetes.io/autoupdate: "true" | |
| labels: | |
| kubernetes.io/bootstrapping: rbac-defaults | |
| rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
| name: view | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| - endpoints | |
| - persistentvolumeclaims | |
| - persistentvolumeclaims/status | |
| - pods | |
| - replicationcontrollers | |
| - replicationcontrollers/scale | |
| - serviceaccounts | |
| - services | |
| - services/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - bindings | |
| - events | |
| - limitranges | |
| - namespaces/status | |
| - pods/log | |
| - pods/status | |
| - replicationcontrollers/status | |
| - resourcequotas | |
| - resourcequotas/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - namespaces | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - discovery.k8s.io | |
| resources: | |
| - endpointslices | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - apps | |
| resources: | |
| - controllerrevisions | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - statefulsets | |
| - statefulsets/scale | |
| - statefulsets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - autoscaling | |
| resources: | |
| - horizontalpodautoscalers | |
| - horizontalpodautoscalers/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - batch | |
| resources: | |
| - cronjobs | |
| - cronjobs/status | |
| - jobs | |
| - jobs/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - extensions | |
| resources: | |
| - daemonsets | |
| - daemonsets/status | |
| - deployments | |
| - deployments/scale | |
| - deployments/status | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| - replicasets | |
| - replicasets/scale | |
| - replicasets/status | |
| - replicationcontrollers/scale | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - policy | |
| resources: | |
| - poddisruptionbudgets | |
| - poddisruptionbudgets/status | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - networking.k8s.io | |
| resources: | |
| - ingresses | |
| - ingresses/status | |
| - networkpolicies | |
| verbs: | |
| - get | |
| - list | |
| - watch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment