Skip to content

Instantly share code, notes, and snippets.

@jwmatthews
Created August 17, 2019 11:36
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jwmatthews/0e2ab32682dfda0d8e4e48c1d4dc1d20 to your computer and use it in GitHub Desktop.
Save jwmatthews/0e2ab32682dfda0d8e4e48c1d4dc1d20 to your computer and use it in GitHub Desktop.
Name: admin
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreams [] [] [create delete deletecollection get list patch update watch create get list watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch create get list watch]
secrets [] [] [create delete deletecollection get list patch update watch get list watch create delete deletecollection patch update]
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
buildlogs [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamimages [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch get list watch]
processedtemplates [] [] [create delete deletecollection get list patch update watch get list watch]
routes [] [] [create delete deletecollection get list patch update watch get list watch]
templateconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
templateinstances [] [] [create delete deletecollection get list patch update watch get list watch]
templates [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
serviceaccounts [] [] [create delete deletecollection get list patch update watch impersonate create delete deletecollection patch update get list watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
rolebindings [] [] [create delete deletecollection get list patch update watch]
roles [] [] [create delete deletecollection get list patch update watch]
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
networkpolicies.extensions [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch]
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch]
configmaps [] [] [create delete deletecollection patch update get list watch]
endpoints [] [] [create delete deletecollection patch update get list watch]
persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch]
pods [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers [] [] [create delete deletecollection patch update get list watch]
services [] [] [create delete deletecollection patch update get list watch]
daemonsets.apps [] [] [create delete deletecollection patch update get list watch]
deployments.apps/scale [] [] [create delete deletecollection patch update get list watch]
deployments.apps [] [] [create delete deletecollection patch update get list watch]
replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch]
replicasets.apps [] [] [create delete deletecollection patch update get list watch]
statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch]
statefulsets.apps [] [] [create delete deletecollection patch update get list watch]
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch]
cronjobs.batch [] [] [create delete deletecollection patch update get list watch]
jobs.batch [] [] [create delete deletecollection patch update get list watch]
daemonsets.extensions [] [] [create delete deletecollection patch update get list watch]
deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch]
deployments.extensions [] [] [create delete deletecollection patch update get list watch]
ingresses.extensions [] [] [create delete deletecollection patch update get list watch]
replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch]
replicasets.extensions [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch]
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch]
deployments.apps/rollback [] [] [create delete deletecollection patch update]
deployments.extensions/rollback [] [] [create delete deletecollection patch update]
subscriptions.operators.coreos.com [] [] [create update patch delete delete get list watch]
buildconfigs/instantiate [] [] [create]
buildconfigs/instantiatebinary [] [] [create]
builds/clone [] [] [create]
deploymentconfigrollbacks [] [] [create]
deploymentconfigs/instantiate [] [] [create]
deploymentconfigs/rollback [] [] [create]
imagestreamimports [] [] [create]
localresourceaccessreviews [] [] [create]
localsubjectaccessreviews [] [] [create]
podsecuritypolicyreviews [] [] [create]
podsecuritypolicyselfsubjectreviews [] [] [create]
podsecuritypolicysubjectreviews [] [] [create]
resourceaccessreviews [] [] [create]
routes/custom-host [] [] [create]
subjectaccessreviews [] [] [create]
subjectrulesreviews [] [] [create]
deploymentconfigrollbacks.apps.openshift.io [] [] [create]
deploymentconfigs.apps.openshift.io/instantiate [] [] [create]
deploymentconfigs.apps.openshift.io/rollback [] [] [create]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
localresourceaccessreviews.authorization.openshift.io [] [] [create]
localsubjectaccessreviews.authorization.openshift.io [] [] [create]
resourceaccessreviews.authorization.openshift.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
subjectrulesreviews.authorization.openshift.io [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
buildconfigs.build.openshift.io/instantiatebinary [] [] [create]
builds.build.openshift.io/clone [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
routes.route.openshift.io/custom-host [] [] [create]
podsecuritypolicyreviews.security.openshift.io [] [] [create]
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create]
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create]
catalogsources.operators.coreos.com [] [] [delete get list watch]
clusterserviceversions.operators.coreos.com [] [] [delete get list watch]
installplans.operators.coreos.com [] [] [delete get list watch]
jenkins.build.openshift.io [] [] [edit view view admin edit view]
builds [] [] [get create delete deletecollection get list patch update watch get list watch]
builds.build.openshift.io [] [] [get create delete deletecollection get list patch update watch get list watch]
projects [] [] [get delete get delete get patch update]
projects.project.openshift.io [] [] [get delete get delete get patch update]
namespaces [] [] [get get list watch]
pods/attach [] [] [get list watch create delete deletecollection patch update]
pods/exec [] [] [get list watch create delete deletecollection patch update]
pods/portforward [] [] [get list watch create delete deletecollection patch update]
pods/proxy [] [] [get list watch create delete deletecollection patch update]
services/proxy [] [] [get list watch create delete deletecollection patch update]
packagemanifests.packages.operators.coreos.com [] [] [get list watch create update patch delete *]
routes/status [] [] [get list watch update]
routes.route.openshift.io/status [] [] [get list watch update]
appliedclusterresourcequotas [] [] [get list watch]
bindings [] [] [get list watch]
builds/log [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
events [] [] [get list watch]
imagestreams/status [] [] [get list watch]
limitranges [] [] [get list watch]
namespaces/status [] [] [get list watch]
pods/log [] [] [get list watch]
pods/status [] [] [get list watch]
replicationcontrollers/status [] [] [get list watch]
resourcequotas/status [] [] [get list watch]
resourcequotas [] [] [get list watch]
resourcequotausages [] [] [get list watch]
rolebindingrestrictions [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
controllerrevisions.apps [] [] [get list watch]
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
pods.metrics.k8s.io [] [] [get list watch]
operatorgroups.operators.coreos.com [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
imagestreams/layers [] [] [get update get]
imagestreams.image.openshift.io/layers [] [] [get update get]
builds/details [] [] [update]
builds.build.openshift.io/details [] [] [update]
Name: aggregate-olm-edit
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
subscriptions.operators.coreos.com [] [] [create update patch delete delete]
catalogsources.operators.coreos.com [] [] [delete]
clusterserviceversions.operators.coreos.com [] [] [delete]
installplans.operators.coreos.com [] [] [delete]
Name: aggregate-olm-view
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
rbac.authorization.k8s.io/aggregate-to-edit=true
rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
catalogsources.operators.coreos.com [] [] [get list watch]
clusterserviceversions.operators.coreos.com [] [] [get list watch]
installplans.operators.coreos.com [] [] [get list watch]
operatorgroups.operators.coreos.com [] [] [get list watch]
subscriptions.operators.coreos.com [] [] [get list watch]
packagemanifests.packages.operators.coreos.com [] [] [get list watch]
Name: alertmanager-main
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
Name: basic-user
Labels: <none>
Annotations: openshift.io/description: A user that can get basic information about projects.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
selfsubjectrulesreviews [] [] [create]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.openshift.io [] [] [create]
clusterroles.rbac.authorization.k8s.io [] [] [get list watch]
clusterroles [] [] [get list]
clusterroles.authorization.openshift.io [] [] [get list]
storageclasses.storage.k8s.io [] [] [get list]
users [] [~] [get]
users.user.openshift.io [] [~] [get]
projects [] [] [list watch]
projects.project.openshift.io [] [] [list watch]
projectrequests [] [] [list]
projectrequests.project.openshift.io [] [] [list]
Name: cloud-credential-operator-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusteroperators.config.openshift.io/status [] [] [create get update list watch]
clusteroperators.config.openshift.io [] [] [create get update list watch]
secrets [] [] [get list watch create update patch delete get list watch update]
credentialsrequests.cloudcredential.openshift.io/finalizers [] [] [get list watch create update patch delete]
credentialsrequests.cloudcredential.openshift.io/status [] [] [get list watch create update patch delete]
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch create update patch delete]
configmaps [] [] [get list watch]
namespaces [] [] [get list watch]
clusterversions.config.openshift.io [] [] [get list watch]
infrastructures.config.openshift.io [] [] [get list watch]
Name: cluster-admin
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.* [] [] [*]
[*] [] [*]
Name: cluster-autoscaler
Labels: k8s-addon=cluster-autoscaler.addons.k8s.io
k8s-app=cluster-autoscaler
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [create patch]
events [] [] [create patch]
pods/eviction [] [] [create]
endpoints [] [cluster-autoscaler] [get update]
pods/status [] [] [update]
nodes [] [] [watch list get update]
machinedeployments.cluster.k8s.io [] [] [watch list get update]
machines.cluster.k8s.io [] [] [watch list get update]
machinesets.cluster.k8s.io [] [] [watch list get update]
machinedeployments.machine.openshift.io [] [] [watch list get update]
machines.machine.openshift.io [] [] [watch list get update]
machinesets.machine.openshift.io [] [] [watch list get update]
namespaces [] [] [watch list get]
persistentvolumeclaims [] [] [watch list get]
persistentvolumes [] [] [watch list get]
pods [] [] [watch list get]
replicationcontrollers [] [] [watch list get]
services [] [] [watch list get]
daemonsets.apps [] [] [watch list get]
replicasets.apps [] [] [watch list get]
statefulsets.apps [] [] [watch list get]
daemonsets.extensions [] [] [watch list get]
replicasets.extensions [] [] [watch list get]
storageclasses.storage.k8s.io [] [] [watch list get]
poddisruptionbudgets.policy [] [] [watch list]
Name: cluster-autoscaler-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.autoscaling.openshift.io [] [] [*]
clusteroperators.config.openshift.io/status [] [] [create get update]
clusteroperators.config.openshift.io [] [] [create get update]
Name: cluster-debugger
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/debug/pprof/*] [] [get]
[/debug/pprof] [] [get]
[/metrics] [] [get]
Name: cluster-image-registry-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusteroperators.config.openshift.io [] [] [* create get update]
configmaps [] [] [*]
endpoints [] [] [*]
events [] [] [*]
namespaces [] [] [*]
persistentvolumeclaims [] [] [*]
pods [] [] [*]
secrets [] [] [*]
serviceaccounts [] [] [*]
services [] [] [*]
deploymentconfigs.apps.openshift.io [] [] [*]
daemonsets.apps [] [] [*]
deploymentconfigs.apps [] [] [*]
deployments.apps [] [] [*]
replicasets.apps [] [] [*]
statefulsets.apps [] [] [*]
images.config.openshift.io/status [] [] [*]
images.config.openshift.io [] [] [*]
*.image.openshift.io [] [] [*]
*.imageregistry.operator.openshift.io [] [] [*]
clusterrolebindings.rbac.authorization.k8s.io [] [] [*]
clusterroles.rbac.authorization.k8s.io [] [] [*]
routes.route.openshift.io/custom-host [] [] [*]
routes.route.openshift.io [] [] [*]
clusteroperators.config.openshift.io/status [] [] [create get update]
clusterversions.config.openshift.io [] [] [get]
limitranges [] [] [list]
resourcequotas [] [] [list]
Name: cluster-monitoring-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
customresourcedefinitions.apiextensions.k8s.io [] [] [*]
*.metrics.k8s.io [] [] [*]
alertmanagers.monitoring.coreos.com/finalizers [] [] [*]
alertmanagers.monitoring.coreos.com [] [] [*]
prometheuses.monitoring.coreos.com/finalizers [] [] [*]
prometheuses.monitoring.coreos.com [] [] [*]
prometheusrules.monitoring.coreos.com [] [] [*]
servicemonitors.monitoring.coreos.com [] [] [*]
configmaps [] [] [create delete get list update watch list watch get *]
services [] [] [create delete get list update watch list watch get list watch get list watch create delete get update]
daemonsets.apps [] [] [create delete get list update watch list watch]
deployments.apps [] [] [create delete get list update watch list watch]
serviceaccounts [] [] [create delete get list update watch]
apiservices.apiregistration.k8s.io [] [] [create delete get list update watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [create delete get list update watch]
clusterroles.rbac.authorization.k8s.io [] [] [create delete get list update watch]
rolebindings.rbac.authorization.k8s.io [] [] [create delete get list update watch]
roles.rbac.authorization.k8s.io [] [] [create delete get list update watch]
routes.route.openshift.io [] [] [create delete get list update watch]
securitycontextconstraints.security.openshift.io [] [] [create delete get list update watch]
services/finalizers [] [] [create delete get update]
clusteroperators.config.openshift.io/status [] [] [create get update]
clusteroperators.config.openshift.io [] [] [create get update]
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
namespaces [] [] [get list watch get list watch get list watch]
pods.metrics.k8s.io [] [] [get list watch]
deployments.apps [] [kube-state-metrics] [get update]
deployments.extensions [] [kube-state-metrics] [get update]
[/metrics] [] [get]
nodes/metrics [] [] [get]
clusterversions.config.openshift.io [] [] [get]
proxies.config.openshift.io [] [] [get]
secrets [] [] [list watch *]
statefulsets.apps [] [] [list watch *]
pods [] [] [list watch get get list watch get list watch delete list]
endpoints [] [] [list watch get list watch create delete get update]
nodes [] [] [list watch get list watch list watch]
limitranges [] [] [list watch]
persistentvolumeclaims [] [] [list watch]
persistentvolumes [] [] [list watch]
replicationcontrollers [] [] [list watch]
resourcequotas [] [] [list watch]
replicasets.apps [] [] [list watch]
horizontalpodautoscalers.autoscaling [] [] [list watch]
cronjobs.batch [] [] [list watch]
jobs.batch [] [] [list watch]
daemonsets.extensions [] [] [list watch]
deployments.extensions [] [] [list watch]
replicasets.extensions [] [] [list watch]
poddisruptionbudgets.policy [] [] [list watch]
securitycontextconstraints.security.openshift.io [] [node-exporter] [use]
Name: cluster-monitoring-view
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
namespaces [] [] [get]
Name: cluster-node-tuning-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.tuned.openshift.io [] [] [*]
daemonsets.apps [] [] [create delete list update watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [create delete list update watch]
clusterroles.rbac.authorization.k8s.io [] [] [create delete list update watch]
configmaps [] [] [create get delete list update watch]
namespaces [] [] [create get delete list update watch]
serviceaccounts [] [] [create get delete list update watch]
services [] [] [create get delete list update watch]
clusteroperators.config.openshift.io [] [] [create get]
nodes [] [] [get list watch]
pods [] [] [get list watch]
nodes/metrics [] [] [get]
nodes/specs [] [] [get]
clusteroperators.config.openshift.io/status [] [] [update]
securitycontextconstraints.security.openshift.io [] [] [use]
Name: cluster-node-tuning:tuned
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes [] [] [get list watch]
pods [] [] [get list watch]
securitycontextconstraints.security.openshift.io [] [privileged] [use]
Name: cluster-reader
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/stats [] [] [create get]
localresourceaccessreviews [] [] [create]
localsubjectaccessreviews [] [] [create]
podsecuritypolicyreviews [] [] [create]
podsecuritypolicyselfsubjectreviews [] [] [create]
podsecuritypolicysubjectreviews [] [] [create]
resourceaccessreviews [] [] [create]
selfsubjectrulesreviews [] [] [create]
subjectaccessreviews [] [] [create]
subjectrulesreviews [] [] [create]
tokenreviews.authentication.k8s.io [] [] [create]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
localresourceaccessreviews.authorization.openshift.io [] [] [create]
localsubjectaccessreviews.authorization.openshift.io [] [] [create]
resourceaccessreviews.authorization.openshift.io [] [] [create]
selfsubjectrulesreviews.authorization.openshift.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
subjectrulesreviews.authorization.openshift.io [] [] [create]
podsecuritypolicyreviews.security.openshift.io [] [] [create]
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create]
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create]
namespaces [] [] [get get list watch]
securitycontextconstraints [] [] [get list watch get list watch]
controllerrevisions.apps [] [] [get list watch get list watch]
appliedclusterresourcequotas [] [] [get list watch]
bindings [] [] [get list watch]
brokertemplateinstances [] [] [get list watch]
buildconfigs/webhooks [] [] [get list watch]
buildconfigs [] [] [get list watch]
buildlogs [] [] [get list watch]
builds/details [] [] [get list watch]
builds/log [] [] [get list watch]
builds [] [] [get list watch]
clusternetworks [] [] [get list watch]
clusterresourcequotas/status [] [] [get list watch]
clusterresourcequotas [] [] [get list watch]
clusterrolebindings [] [] [get list watch]
clusterroles [] [] [get list watch]
componentstatuses [] [] [get list watch]
configmaps [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/scale [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
deploymentconfigs [] [] [get list watch]
egressnetworkpolicies [] [] [get list watch]
endpoints [] [] [get list watch]
events [] [] [get list watch]
groups [] [] [get list watch]
hostsubnets [] [] [get list watch]
identities [] [] [get list watch]
images [] [] [get list watch]
imagesignatures [] [] [get list watch]
imagestreamimages [] [] [get list watch]
imagestreammappings [] [] [get list watch]
imagestreams/status [] [] [get list watch]
imagestreams [] [] [get list watch]
imagestreamtags [] [] [get list watch]
limitranges [] [] [get list watch]
namespaces/status [] [] [get list watch]
netnamespaces [] [] [get list watch]
nodes/status [] [] [get list watch]
nodes [] [] [get list watch]
oauthclientauthorizations [] [] [get list watch]
persistentvolumeclaims/status [] [] [get list watch]
persistentvolumeclaims [] [] [get list watch]
persistentvolumes/status [] [] [get list watch]
persistentvolumes [] [] [get list watch]
pods/binding [] [] [get list watch]
pods/eviction [] [] [get list watch]
pods/log [] [] [get list watch]
pods/status [] [] [get list watch]
pods [] [] [get list watch]
podtemplates [] [] [get list watch]
processedtemplates [] [] [get list watch]
projectrequests [] [] [get list watch]
replicationcontrollers/scale [] [] [get list watch]
replicationcontrollers/status [] [] [get list watch]
replicationcontrollers [] [] [get list watch]
resourcequotas/status [] [] [get list watch]
resourcequotas [] [] [get list watch]
resourcequotausages [] [] [get list watch]
rolebindingrestrictions [] [] [get list watch]
rolebindings [] [] [get list watch]
roles [] [] [get list watch]
routes/status [] [] [get list watch]
routes [] [] [get list watch]
serviceaccounts [] [] [get list watch]
services/status [] [] [get list watch]
services [] [] [get list watch]
templateconfigs [] [] [get list watch]
templateinstances/status [] [] [get list watch]
templateinstances [] [] [get list watch]
templates [] [] [get list watch]
useridentitymappings [] [] [get list watch]
users [] [] [get list watch]
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch]
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch]
apiservices.apiregistration.k8s.io/status [] [] [get list watch]
apiservices.apiregistration.k8s.io [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
deploymentconfigs.apps.openshift.io [] [] [get list watch]
daemonsets.apps/status [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps/scale [] [] [get list watch]
deployments.apps/status [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps/scale [] [] [get list watch]
replicasets.apps/status [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps/scale [] [] [get list watch]
statefulsets.apps/status [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
clusterrolebindings.authorization.openshift.io [] [] [get list watch]
clusterroles.authorization.openshift.io [] [] [get list watch]
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch]
rolebindings.authorization.openshift.io [] [] [get list watch]
roles.authorization.openshift.io [] [] [get list watch]
horizontalpodautoscalers.autoscaling/status [] [] [get list watch]
horizontalpodautoscalers.autoscaling [] [] [get list watch]
cronjobs.batch/status [] [] [get list watch]
cronjobs.batch [] [] [get list watch]
jobs.batch/status [] [] [get list watch]
jobs.batch [] [] [get list watch]
buildconfigs.build.openshift.io/webhooks [] [] [get list watch]
buildconfigs.build.openshift.io [] [] [get list watch]
buildlogs.build.openshift.io [] [] [get list watch]
builds.build.openshift.io/details [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
builds.build.openshift.io [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io/approval [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io/status [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io [] [] [get list watch]
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch]
apiservers.config.openshift.io [] [] [get list watch]
authentications.config.openshift.io [] [] [get list watch]
builds.config.openshift.io [] [] [get list watch]
clusteroperators.config.openshift.io [] [] [get list watch]
clusterversions.config.openshift.io [] [] [get list watch]
consoles.config.openshift.io [] [] [get list watch]
dnses.config.openshift.io [] [] [get list watch]
featuregates.config.openshift.io [] [] [get list watch]
images.config.openshift.io [] [] [get list watch]
infrastructures.config.openshift.io [] [] [get list watch]
ingresses.config.openshift.io [] [] [get list watch]
networks.config.openshift.io [] [] [get list watch]
oauths.config.openshift.io [] [] [get list watch]
projects.config.openshift.io [] [] [get list watch]
proxies.config.openshift.io [] [] [get list watch]
schedulers.config.openshift.io [] [] [get list watch]
leases.coordination.k8s.io [] [] [get list watch]
events.events.k8s.io [] [] [get list watch]
daemonsets.extensions/status [] [] [get list watch]
daemonsets.extensions [] [] [get list watch]
deployments.extensions/scale [] [] [get list watch]
deployments.extensions/status [] [] [get list watch]
deployments.extensions [] [] [get list watch]
horizontalpodautoscalers.extensions/status [] [] [get list watch]
horizontalpodautoscalers.extensions [] [] [get list watch]
ingresses.extensions/status [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
jobs.extensions/status [] [] [get list watch]
jobs.extensions [] [] [get list watch]
networkpolicies.extensions [] [] [get list watch]
podsecuritypolicies.extensions [] [] [get list watch]
replicasets.extensions/scale [] [] [get list watch]
replicasets.extensions/status [] [] [get list watch]
replicasets.extensions [] [] [get list watch]
replicationcontrollers.extensions/scale [] [] [get list watch]
replicationcontrollers.extensions [] [] [get list watch]
storageclasses.extensions [] [] [get list watch]
thirdpartyresources.extensions [] [] [get list watch]
images.image.openshift.io [] [] [get list watch]
imagesignatures.image.openshift.io [] [] [get list watch]
imagestreamimages.image.openshift.io [] [] [get list watch]
imagestreammappings.image.openshift.io [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
imagestreams.image.openshift.io [] [] [get list watch]
imagestreamtags.image.openshift.io [] [] [get list watch]
containerruntimeconfigs.machineconfiguration.openshift.io [] [] [get list watch]
controllerconfigs.machineconfiguration.openshift.io [] [] [get list watch]
kubeletconfigs.machineconfiguration.openshift.io [] [] [get list watch]
machineconfigpools.machineconfiguration.openshift.io [] [] [get list watch]
mcoconfigs.machineconfiguration.openshift.io [] [] [get list watch]
pods.metrics.k8s.io [] [] [get list watch]
clusternetworks.network.openshift.io [] [] [get list watch]
egressnetworkpolicies.network.openshift.io [] [] [get list watch]
hostsubnets.network.openshift.io [] [] [get list watch]
netnamespaces.network.openshift.io [] [] [get list watch]
networkpolicies.networking.k8s.io [] [] [get list watch]
oauthclientauthorizations.oauth.openshift.io [] [] [get list watch]
catalogsources.operators.coreos.com [] [] [get list watch]
clusterserviceversions.operators.coreos.com [] [] [get list watch]
installplans.operators.coreos.com [] [] [get list watch]
operatorgroups.operators.coreos.com [] [] [get list watch]
subscriptions.operators.coreos.com [] [] [get list watch]
packagemanifests.packages.operators.coreos.com [] [] [get list watch]
poddisruptionbudgets.policy/status [] [] [get list watch]
poddisruptionbudgets.policy [] [] [get list watch]
podsecuritypolicies.policy [] [] [get list watch]
projectrequests.project.openshift.io [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
clusterresourcequotas.quota.openshift.io/status [] [] [get list watch]
clusterresourcequotas.quota.openshift.io [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list watch]
clusterroles.rbac.authorization.k8s.io [] [] [get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [get list watch]
roles.rbac.authorization.k8s.io [] [] [get list watch]
routes.route.openshift.io/status [] [] [get list watch]
routes.route.openshift.io [] [] [get list watch]
priorityclasses.scheduling.k8s.io [] [] [get list watch]
rangeallocations.security.openshift.io [] [] [get list watch]
securitycontextconstraints.security.openshift.io [] [] [get list watch]
podpresets.settings.k8s.io [] [] [get list watch]
storageclasses.storage.k8s.io [] [] [get list watch]
volumeattachments.storage.k8s.io/status [] [] [get list watch]
volumeattachments.storage.k8s.io [] [] [get list watch]
brokertemplateinstances.template.openshift.io [] [] [get list watch]
processedtemplates.template.openshift.io [] [] [get list watch]
templateconfigs.template.openshift.io [] [] [get list watch]
templateinstances.template.openshift.io/status [] [] [get list watch]
templateinstances.template.openshift.io [] [] [get list watch]
templates.template.openshift.io [] [] [get list watch]
groups.user.openshift.io [] [] [get list watch]
identities.user.openshift.io [] [] [get list watch]
useridentitymappings.user.openshift.io [] [] [get list watch]
users.user.openshift.io [] [] [get list watch]
[*] [] [get]
imagestreams/layers [] [] [get]
nodes/metrics [] [] [get]
nodes/spec [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
projects [] [] [list watch get]
projects.project.openshift.io [] [] [list watch get]
jenkins.build.openshift.io [] [] [view]
Name: cluster-samples-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusteroperators.config.openshift.io/status [] [] [*]
clusteroperators.config.openshift.io [] [] [*]
configs.samples.operator.openshift.io/status [] [] [*]
configs.samples.operator.openshift.io [] [] [*]
Name: cluster-status
Labels: <none>
Annotations: openshift.io/description: A user that can get basic cluster status information.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/.well-known/*] [] [get]
[/.well-known] [] [get]
[/] [] [get]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz/] [] [get]
[/healthz] [] [get]
[/oapi/*] [] [get]
[/oapi] [] [get]
[/openapi/v2] [] [get]
[/osapi/] [] [get]
[/osapi] [] [get]
[/swagger-2.0.0.pb-v1] [] [get]
[/swagger.json] [] [get]
[/swaggerapi/*] [] [get]
[/swaggerapi] [] [get]
[/version/*] [] [get]
[/version] [] [get]
Name: cluster-storage-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusteroperators.config.openshift.io [] [] [get list watch create]
infrastructures.config.openshift.io [] [] [get list watch]
storageclasses.storage.k8s.io [] [] [get watch list create delete patch update]
clusteroperators.config.openshift.io/status [] [] [update]
Name: console-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
oauthclients.oauth.openshift.io [] [console] [get list update watch]
clusteroperators.config.openshift.io/status [] [] [get list watch create update delete]
clusteroperators.config.openshift.io [] [] [get list watch create update delete]
consoles.config.openshift.io/status [] [] [get list watch create update delete]
consoles.config.openshift.io [] [] [get list watch create update delete]
consoles.operator.openshift.io/status [] [] [get list watch create update delete]
consoles.operator.openshift.io [] [] [get list watch create update delete]
infrastructures.config.openshift.io [] [] [get list watch]
Name: dns-monitoring
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
dnses.operator.openshift.io [] [] [get]
Name: edit
Labels: kubernetes.io/bootstrapping=rbac-defaults
rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreams [] [] [create delete deletecollection get list patch update watch create get list watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch create get list watch]
secrets [] [] [create delete deletecollection get list patch update watch get list watch create delete deletecollection patch update]
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
buildlogs [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamimages [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch get list watch]
processedtemplates [] [] [create delete deletecollection get list patch update watch get list watch]
routes [] [] [create delete deletecollection get list patch update watch get list watch]
templateconfigs [] [] [create delete deletecollection get list patch update watch get list watch]
templateinstances [] [] [create delete deletecollection get list patch update watch get list watch]
templates [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch get list watch]
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch get list watch]
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch]
serviceaccounts [] [] [create delete deletecollection get list patch update watch impersonate create delete deletecollection patch update get list watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
networkpolicies.extensions [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch]
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch]
configmaps [] [] [create delete deletecollection patch update get list watch]
endpoints [] [] [create delete deletecollection patch update get list watch]
persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch]
pods [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers [] [] [create delete deletecollection patch update get list watch]
services [] [] [create delete deletecollection patch update get list watch]
daemonsets.apps [] [] [create delete deletecollection patch update get list watch]
deployments.apps/scale [] [] [create delete deletecollection patch update get list watch]
deployments.apps [] [] [create delete deletecollection patch update get list watch]
replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch]
replicasets.apps [] [] [create delete deletecollection patch update get list watch]
statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch]
statefulsets.apps [] [] [create delete deletecollection patch update get list watch]
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch]
cronjobs.batch [] [] [create delete deletecollection patch update get list watch]
jobs.batch [] [] [create delete deletecollection patch update get list watch]
daemonsets.extensions [] [] [create delete deletecollection patch update get list watch]
deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch]
deployments.extensions [] [] [create delete deletecollection patch update get list watch]
ingresses.extensions [] [] [create delete deletecollection patch update get list watch]
replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch]
replicasets.extensions [] [] [create delete deletecollection patch update get list watch]
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch]
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch]
deployments.apps/rollback [] [] [create delete deletecollection patch update]
deployments.extensions/rollback [] [] [create delete deletecollection patch update]
subscriptions.operators.coreos.com [] [] [create update patch delete delete get list watch]
buildconfigs/instantiate [] [] [create]
buildconfigs/instantiatebinary [] [] [create]
builds/clone [] [] [create]
deploymentconfigrollbacks [] [] [create]
deploymentconfigs/instantiate [] [] [create]
deploymentconfigs/rollback [] [] [create]
imagestreamimports [] [] [create]
routes/custom-host [] [] [create]
deploymentconfigrollbacks.apps.openshift.io [] [] [create]
deploymentconfigs.apps.openshift.io/instantiate [] [] [create]
deploymentconfigs.apps.openshift.io/rollback [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
buildconfigs.build.openshift.io/instantiatebinary [] [] [create]
builds.build.openshift.io/clone [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
routes.route.openshift.io/custom-host [] [] [create]
catalogsources.operators.coreos.com [] [] [delete get list watch]
clusterserviceversions.operators.coreos.com [] [] [delete get list watch]
installplans.operators.coreos.com [] [] [delete get list watch]
jenkins.build.openshift.io [] [] [edit view view]
builds [] [] [get create delete deletecollection get list patch update watch get list watch]
builds.build.openshift.io [] [] [get create delete deletecollection get list patch update watch get list watch]
namespaces [] [] [get get list watch]
pods/attach [] [] [get list watch create delete deletecollection patch update]
pods/exec [] [] [get list watch create delete deletecollection patch update]
pods/portforward [] [] [get list watch create delete deletecollection patch update]
pods/proxy [] [] [get list watch create delete deletecollection patch update]
services/proxy [] [] [get list watch create delete deletecollection patch update]
packagemanifests.packages.operators.coreos.com [] [] [get list watch create update patch delete]
appliedclusterresourcequotas [] [] [get list watch]
bindings [] [] [get list watch]
builds/log [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
events [] [] [get list watch]
imagestreams/status [] [] [get list watch]
limitranges [] [] [get list watch]
namespaces/status [] [] [get list watch]
pods/log [] [] [get list watch]
pods/status [] [] [get list watch]
replicationcontrollers/status [] [] [get list watch]
resourcequotas/status [] [] [get list watch]
resourcequotas [] [] [get list watch]
resourcequotausages [] [] [get list watch]
routes/status [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
controllerrevisions.apps [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
pods.metrics.k8s.io [] [] [get list watch]
operatorgroups.operators.coreos.com [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
routes.route.openshift.io/status [] [] [get list watch]
imagestreams/layers [] [] [get update get]
imagestreams.image.openshift.io/layers [] [] [get update get]
projects [] [] [get]
projects.project.openshift.io [] [] [get]
builds/details [] [] [update]
builds.build.openshift.io/details [] [] [update]
Name: global-operators-admin
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: global-operators-edit
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: global-operators-view
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: grafana
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
Name: kube-apiserver
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/proxy [] [] [get create]
Name: kube-state-metrics
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
configmaps [] [] [list watch]
endpoints [] [] [list watch]
limitranges [] [] [list watch]
namespaces [] [] [list watch]
nodes [] [] [list watch]
persistentvolumeclaims [] [] [list watch]
persistentvolumes [] [] [list watch]
pods [] [] [list watch]
replicationcontrollers [] [] [list watch]
resourcequotas [] [] [list watch]
secrets [] [] [list watch]
services [] [] [list watch]
daemonsets.apps [] [] [list watch]
deployments.apps [] [] [list watch]
replicasets.apps [] [] [list watch]
statefulsets.apps [] [] [list watch]
horizontalpodautoscalers.autoscaling [] [] [list watch]
cronjobs.batch [] [] [list watch]
jobs.batch [] [] [list watch]
daemonsets.extensions [] [] [list watch]
deployments.extensions [] [] [list watch]
replicasets.extensions [] [] [list watch]
poddisruptionbudgets.policy [] [] [list watch]
Name: machine-api-manager
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.cluster.k8s.io [] [] [*]
*.healthchecking.openshift.io [] [] [*]
*.machine.openshift.io [] [] [*]
clusteroperators.config.openshift.io/status [] [] [create get update]
clusteroperators.config.openshift.io [] [] [create get update]
events [] [] [create watch list patch]
pods/eviction [] [] [create]
configmaps [] [] [get list watch create update patch delete]
nodes [] [] [get list watch create update patch delete]
deployments.apps [] [] [get list watch create update patch delete]
secrets [] [] [get list watch create]
baremetalhosts.metal3.io [] [] [get list watch update patch]
baremetalhosts.metalkube.org [] [] [get list watch update patch]
pods [] [] [get list watch]
featuregates.config.openshift.io/status [] [] [get list watch]
featuregates.config.openshift.io [] [] [get list watch]
daemonsets.extensions [] [] [get list watch]
infrastructures.config.openshift.io/status [] [] [get]
infrastructures.config.openshift.io [] [] [get]
Name: machine-config-controller
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [*]
secrets [] [] [*]
clusterversions.config.openshift.io [] [] [*]
featuregates.config.openshift.io [] [] [*]
images.config.openshift.io [] [] [*]
*.machineconfiguration.openshift.io [] [] [*]
nodes [] [] [get list watch patch]
Name: machine-config-daemon
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [*]
machineconfigs.machineconfiguration.openshift.io [] [] [*]
pods/eviction [] [] [create]
nodes [] [] [get list watch patch update]
daemonsets.extensions [] [] [get]
Name: machine-config-daemon-events
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch]
Name: machine-config-server
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
machineconfigpools.machineconfiguration.openshift.io [] [] [*]
machineconfigs.machineconfiguration.openshift.io [] [] [*]
Name: manager-role
Labels: <none>
Annotations: operator-sdk/primary-resource: mig/migration-controller
operator-sdk/primary-resource-type: MigrationController.migration.openshift.io
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
namespaces [] [] [get list watch create update patch delete]
persistentvolumeclaims [] [] [get list watch create update patch delete]
persistentvolumes [] [] [get list watch create update patch delete]
pods [] [] [get list watch create update patch delete]
secrets [] [] [get list watch create update patch delete]
services [] [] [get list watch create update patch delete]
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch create update patch delete]
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch create update patch delete]
*.apps.openshift.io [] [] [get list watch create update patch delete]
clusters.clusterregistry.k8s.io [] [] [get list watch create update patch delete]
*.image.openshift.io [] [] [get list watch create update patch delete]
migclusters.migration.openshift.io [] [] [get list watch create update patch delete]
migmigrations.migration.openshift.io [] [] [get list watch create update patch delete]
migplans.migration.openshift.io [] [] [get list watch create update patch delete]
migstages.migration.openshift.io [] [] [get list watch create update patch delete]
migstorages.migration.openshift.io [] [] [get list watch create update patch delete]
*.velero.io [] [] [get list watch create update patch delete]
storageclasses.storage.k8s.io [] [] [get list watch]
namespaces/status [] [] [get update patch]
persistentvolumeclaims/status [] [] [get update patch]
persistentvolumes/status [] [] [get update patch]
pods/status [] [] [get update patch]
clusters.clusterregistry.k8s.io/status [] [] [get update patch]
migclusters.migration.openshift.io/status [] [] [get update patch]
migmigrations.migration.openshift.io/status [] [] [get update patch]
migplans.migration.openshift.io/status [] [] [get update patch]
migstages.migration.openshift.io/status [] [] [get update patch]
migstorages.migration.openshift.io/status [] [] [get update patch]
Name: marketplace-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusteroperators.config.openshift.io/status [] [] [create get update]
clusteroperators.config.openshift.io [] [] [create get update]
catalogsources.operators.coreos.com [] [] [get create delete update list]
Name: multus
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
pods/status [] [] [get list watch patch update]
pods [] [] [get list watch patch update]
namespaces [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch]
*.k8s.cni.cncf.io [] [] [get list watch]
Name: node-exporter
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
securitycontextconstraints.security.openshift.io [] [node-exporter] [use]
Name: olm-operators-admin
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [*]
Name: olm-operators-edit
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [create update patch delete]
Name: olm-operators-view
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [get list watch]
Name: openshift-cluster-monitoring-admin
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: openshift-cluster-monitoring-edit
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: openshift-cluster-monitoring-view
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
Name: openshift-dns
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [list watch]
namespaces [] [] [list watch]
pods [] [] [list watch]
services [] [] [list watch]
Name: openshift-dns-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [*]
endpoints [] [] [*]
namespaces [] [] [*]
pods [] [] [*]
serviceaccounts [] [] [*]
services [] [] [*]
daemonsets.apps [] [] [*]
daemonsets.extensions [] [] [*]
dnses.operator.openshift.io [] [] [*]
clusterrolebindings.rbac.authorization.k8s.io [] [] [create get list watch]
clusterroles.rbac.authorization.k8s.io [] [] [create get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch]
roles.rbac.authorization.k8s.io [] [] [create get list watch]
clusteroperators.config.openshift.io [] [] [create get]
networks.config.openshift.io [] [] [create get]
servicemonitors.monitoring.coreos.com [] [] [create get]
clusteroperators.config.openshift.io/status [] [] [update]
dnses.operator.openshift.io/status [] [] [update]
Name: openshift-ingress-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [*]
endpoints [] [] [*]
namespaces [] [] [*]
pods [] [] [*]
secrets [] [] [*]
serviceaccounts [] [] [*]
services [] [] [*]
deployments.apps [] [] [*]
clusterrolebindings.rbac.authorization.k8s.io [] [] [create get list watch]
clusterroles.rbac.authorization.k8s.io [] [] [create get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch]
roles.rbac.authorization.k8s.io [] [] [create get list watch]
clusteroperators.config.openshift.io [] [] [create get]
servicemonitors.monitoring.coreos.com [] [] [create get]
events [] [] [create]
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
dnses.config.openshift.io [] [] [get]
infrastructures.config.openshift.io [] [] [get]
ingresses.config.openshift.io [] [] [get]
routers.route.openshift.io/metrics [] [] [get]
ingresscontrollers.operator.openshift.io [] [] [list watch]
routes.route.openshift.io [] [] [list watch]
clusteroperators.config.openshift.io/status [] [] [update]
ingresscontrollers.operator.openshift.io/status [] [] [update]
routes.route.openshift.io/status [] [] [update]
securitycontextconstraints.security.openshift.io [] [hostnetwork] [use]
Name: openshift-ingress-router
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
endpoints [] [] [list watch]
namespaces [] [] [list watch]
services [] [] [list watch]
routes.route.openshift.io [] [] [list watch]
routes.route.openshift.io/status [] [] [update]
securitycontextconstraints.security.openshift.io [] [hostnetwork] [use]
Name: openshift-sdn
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
endpoints [] [] [get list watch]
namespaces [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
services [] [] [get list watch]
networkpolicies.extensions [] [] [get list watch]
clusternetworks.network.openshift.io [] [] [get list watch]
egressnetworkpolicies.network.openshift.io [] [] [get list watch]
hostsubnets.network.openshift.io [] [] [get list watch]
netnamespaces.network.openshift.io [] [] [get list watch]
networkpolicies.networking.k8s.io [] [] [get list watch]
Name: openshift-sdn-controller
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusternetworks.network.openshift.io [] [] [get list watch create update patch]
egressnetworkpolicies.network.openshift.io [] [] [get list watch create update patch]
hostsubnets.network.openshift.io [] [] [get list watch create update patch]
netnamespaces.network.openshift.io [] [] [get list watch create update patch]
namespaces [] [] [list get watch]
nodes [] [] [list get watch]
Name: packagemanifests-v1-admin
Labels: olm.opgroup.permissions/aggregate-to-admin=olm-operators
rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [*]
Name: packagemanifests-v1-edit
Labels: olm.opgroup.permissions/aggregate-to-edit=olm-operators
rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [create update patch delete]
Name: packagemanifests-v1-view
Labels: olm.opgroup.permissions/aggregate-to-view=olm-operators
rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
packagemanifests.packages.operators.coreos.com [] [] [get list watch]
Name: packageserver.v0.9.0-cp7hq
Labels: olm.owner=packageserver.v0.9.0
olm.owner.kind=ClusterServiceVersion
olm.owner.namespace=openshift-operator-lifecycle-manager
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
subjectaccessreviews.authorization.k8s.io [] [] [create get]
configmaps [] [] [get list watch]
catalogsources.operators.coreos.com [] [] [get list watch]
packagemanifests.packages.operators.coreos.com [] [] [get list]
Name: prometheus-adapter
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
namespaces [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
services [] [] [get list watch]
Name: prometheus-k8s
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
[/metrics] [] [get]
namespaces [] [] [get]
nodes/metrics [] [] [get]
Name: prometheus-operator
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [*]
secrets [] [] [*]
customresourcedefinitions.apiextensions.k8s.io [] [] [*]
statefulsets.apps [] [] [*]
alertmanagers.monitoring.coreos.com/finalizers [] [] [*]
alertmanagers.monitoring.coreos.com [] [] [*]
prometheuses.monitoring.coreos.com/finalizers [] [] [*]
prometheuses.monitoring.coreos.com [] [] [*]
prometheusrules.monitoring.coreos.com [] [] [*]
servicemonitors.monitoring.coreos.com [] [] [*]
endpoints [] [] [get create update delete]
services/finalizers [] [] [get create update delete]
services [] [] [get create update delete]
namespaces [] [] [get list watch]
pods [] [] [list delete]
nodes [] [] [list watch]
Name: registry-admin
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreamimages [] [] [create delete deletecollection get list patch update watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams [] [] [create delete deletecollection get list patch update watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch]
rolebindings [] [] [create delete deletecollection get list patch update watch]
roles [] [] [create delete deletecollection get list patch update watch]
secrets [] [] [create delete deletecollection get list patch update watch]
serviceaccounts [] [] [create delete deletecollection get list patch update watch]
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
imagestreamimports [] [] [create]
localresourceaccessreviews [] [] [create]
localsubjectaccessreviews [] [] [create]
resourceaccessreviews [] [] [create]
subjectaccessreviews [] [] [create]
subjectrulesreviews [] [] [create]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
localresourceaccessreviews.authorization.openshift.io [] [] [create]
localsubjectaccessreviews.authorization.openshift.io [] [] [create]
resourceaccessreviews.authorization.openshift.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
subjectrulesreviews.authorization.openshift.io [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
projects [] [] [delete get]
projects.project.openshift.io [] [] [delete get]
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
namespaces [] [] [get]
Name: registry-editor
Labels: rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreamimages [] [] [create delete deletecollection get list patch update watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams [] [] [create delete deletecollection get list patch update watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch]
secrets [] [] [create delete deletecollection get list patch update watch]
serviceaccounts [] [] [create delete deletecollection get list patch update watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamimports [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
namespaces [] [] [get]
projects [] [] [get]
projects.project.openshift.io [] [] [get]
Name: registry-monitoring
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
registry.image.openshift.io/metrics [] [] [get]
Name: registry-viewer
Labels: rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreamimages [] [] [get list watch]
imagestreammappings [] [] [get list watch]
imagestreams [] [] [get list watch]
imagestreamtags [] [] [get list watch]
imagestreamimages.image.openshift.io [] [] [get list watch]
imagestreammappings.image.openshift.io [] [] [get list watch]
imagestreams.image.openshift.io [] [] [get list watch]
imagestreamtags.image.openshift.io [] [] [get list watch]
imagestreams/layers [] [] [get]
namespaces [] [] [get]
projects [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
projects.project.openshift.io [] [] [get]
Name: resource-metrics-server-resources
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.metrics.k8s.io [] [] [*]
Name: router-monitoring
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
routers.route.openshift.io/metrics [] [] [get]
Name: self-access-reviewer
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
selfsubjectrulesreviews [] [] [create]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.openshift.io [] [] [create]
Name: self-provisioner
Labels: <none>
Annotations: openshift.io/description: A user that can request projects.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
projectrequests [] [] [create]
projectrequests.project.openshift.io [] [] [create]
Name: storage-admin
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumes [] [] [create delete deletecollection get list patch update watch]
storageclasses.storage.k8s.io [] [] [create delete deletecollection get list patch update watch]
events [] [] [get list watch]
persistentvolumeclaims [] [] [get list watch]
Name: sudoer
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
groups [] [system:masters] [impersonate]
systemgroups [] [system:masters] [impersonate]
systemusers [] [system:admin] [impersonate]
users [] [system:admin] [impersonate]
groups.user.openshift.io [] [system:masters] [impersonate]
systemgroups.user.openshift.io [] [system:masters] [impersonate]
systemusers.user.openshift.io [] [system:admin] [impersonate]
users.user.openshift.io [] [system:admin] [impersonate]
Name: system:aggregate-to-admin
Labels: kubernetes.io/bootstrapping=rbac-defaults
rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
Name: system:aggregate-to-edit
Labels: kubernetes.io/bootstrapping=rbac-defaults
rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [create delete deletecollection patch update]
endpoints [] [] [create delete deletecollection patch update]
persistentvolumeclaims [] [] [create delete deletecollection patch update]
pods [] [] [create delete deletecollection patch update]
replicationcontrollers/scale [] [] [create delete deletecollection patch update]
replicationcontrollers [] [] [create delete deletecollection patch update]
services [] [] [create delete deletecollection patch update]
daemonsets.apps [] [] [create delete deletecollection patch update]
deployments.apps/rollback [] [] [create delete deletecollection patch update]
deployments.apps/scale [] [] [create delete deletecollection patch update]
deployments.apps [] [] [create delete deletecollection patch update]
replicasets.apps/scale [] [] [create delete deletecollection patch update]
replicasets.apps [] [] [create delete deletecollection patch update]
statefulsets.apps/scale [] [] [create delete deletecollection patch update]
statefulsets.apps [] [] [create delete deletecollection patch update]
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update]
cronjobs.batch [] [] [create delete deletecollection patch update]
jobs.batch [] [] [create delete deletecollection patch update]
daemonsets.extensions [] [] [create delete deletecollection patch update]
deployments.extensions/rollback [] [] [create delete deletecollection patch update]
deployments.extensions/scale [] [] [create delete deletecollection patch update]
deployments.extensions [] [] [create delete deletecollection patch update]
ingresses.extensions [] [] [create delete deletecollection patch update]
networkpolicies.extensions [] [] [create delete deletecollection patch update]
replicasets.extensions/scale [] [] [create delete deletecollection patch update]
replicasets.extensions [] [] [create delete deletecollection patch update]
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update]
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update]
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update]
pods/attach [] [] [get list watch create delete deletecollection patch update]
pods/exec [] [] [get list watch create delete deletecollection patch update]
pods/portforward [] [] [get list watch create delete deletecollection patch update]
pods/proxy [] [] [get list watch create delete deletecollection patch update]
secrets [] [] [get list watch create delete deletecollection patch update]
services/proxy [] [] [get list watch create delete deletecollection patch update]
serviceaccounts [] [] [impersonate create delete deletecollection patch update]
Name: system:aggregate-to-view
Labels: kubernetes.io/bootstrapping=rbac-defaults
rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
bindings [] [] [get list watch]
configmaps [] [] [get list watch]
endpoints [] [] [get list watch]
events [] [] [get list watch]
limitranges [] [] [get list watch]
namespaces/status [] [] [get list watch]
namespaces [] [] [get list watch]
persistentvolumeclaims [] [] [get list watch]
pods/log [] [] [get list watch]
pods/status [] [] [get list watch]
pods [] [] [get list watch]
replicationcontrollers/scale [] [] [get list watch]
replicationcontrollers/status [] [] [get list watch]
replicationcontrollers [] [] [get list watch]
resourcequotas/status [] [] [get list watch]
resourcequotas [] [] [get list watch]
serviceaccounts [] [] [get list watch]
services [] [] [get list watch]
controllerrevisions.apps [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps/scale [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps/scale [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps/scale [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
horizontalpodautoscalers.autoscaling [] [] [get list watch]
cronjobs.batch [] [] [get list watch]
jobs.batch [] [] [get list watch]
daemonsets.extensions [] [] [get list watch]
deployments.extensions/scale [] [] [get list watch]
deployments.extensions [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
networkpolicies.extensions [] [] [get list watch]
replicasets.extensions/scale [] [] [get list watch]
replicasets.extensions [] [] [get list watch]
replicationcontrollers.extensions/scale [] [] [get list watch]
networkpolicies.networking.k8s.io [] [] [get list watch]
poddisruptionbudgets.policy [] [] [get list watch]
Name: system:aggregated-metrics-reader
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
rbac.authorization.k8s.io/aggregate-to-edit=true
rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods.metrics.k8s.io [] [] [get list watch]
Name: system:auth-delegator
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
Name: system:aws-cloud-provider
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [get patch]
Name: system:basic-user
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
Name: system:build-strategy-custom
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
builds/custom [] [] [create]
builds.build.openshift.io/custom [] [] [create]
Name: system:build-strategy-docker
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
builds/docker [] [] [create]
builds/optimizeddocker [] [] [create]
builds.build.openshift.io/docker [] [] [create]
builds.build.openshift.io/optimizeddocker [] [] [create]
Name: system:build-strategy-jenkinspipeline
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
builds/jenkinspipeline [] [] [create]
builds.build.openshift.io/jenkinspipeline [] [] [create]
Name: system:build-strategy-source
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
builds/source [] [] [create]
builds.build.openshift.io/source [] [] [create]
Name: system:certificates.k8s.io:certificatesigningrequests:nodeclient
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
certificatesigningrequests.certificates.k8s.io/nodeclient [] [] [create]
Name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
certificatesigningrequests.certificates.k8s.io/selfnodeclient [] [] [create]
Name: system:controller:attachdetach-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
volumeattachments.storage.k8s.io [] [] [create delete get list watch]
events [] [] [create patch update]
nodes [] [] [get list watch]
persistentvolumeclaims [] [] [list watch]
persistentvolumes [] [] [list watch]
pods [] [] [list watch]
nodes/status [] [] [patch update]
Name: system:controller:certificate-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
subjectaccessreviews.authorization.k8s.io [] [] [create]
certificatesigningrequests.certificates.k8s.io [] [] [delete get list watch]
certificatesigningrequests.certificates.k8s.io/approval [] [] [update]
certificatesigningrequests.certificates.k8s.io/status [] [] [update]
Name: system:controller:clusterrole-aggregation-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.* [] [] [*]
[*] [] [*]
Name: system:controller:cronjob-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
jobs.batch [] [] [create delete get list patch update watch]
events [] [] [create patch update]
pods [] [] [delete list]
cronjobs.batch [] [] [get list update watch]
cronjobs.batch/finalizers [] [] [update]
cronjobs.batch/status [] [] [update]
Name: system:controller:daemon-set-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
controllerrevisions.apps [] [] [create delete get list patch update watch]
pods [] [] [create delete list patch watch]
events [] [] [create patch update]
pods/binding [] [] [create]
daemonsets.apps [] [] [get list watch]
daemonsets.extensions [] [] [get list watch]
nodes [] [] [list watch]
daemonsets.apps/finalizers [] [] [update]
daemonsets.apps/status [] [] [update]
daemonsets.extensions/finalizers [] [] [update]
daemonsets.extensions/status [] [] [update]
Name: system:controller:deployment-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
replicasets.apps [] [] [create delete get list patch update watch]
replicasets.extensions [] [] [create delete get list patch update watch]
events [] [] [create patch update]
pods [] [] [get list update watch]
deployments.apps [] [] [get list update watch]
deployments.extensions [] [] [get list update watch]
deployments.apps/finalizers [] [] [update]
deployments.apps/status [] [] [update]
deployments.extensions/finalizers [] [] [update]
deployments.extensions/status [] [] [update]
Name: system:controller:disruption-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
replicationcontrollers [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
deployments.extensions [] [] [get list watch]
replicasets.extensions [] [] [get list watch]
poddisruptionbudgets.policy [] [] [get list watch]
poddisruptionbudgets.policy/status [] [] [update]
Name: system:controller:endpoint-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [create delete get list update]
events [] [] [create patch update]
endpoints/restricted [] [] [create]
pods [] [] [get list watch]
services [] [] [get list watch]
Name: system:controller:expand-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
persistentvolumes [] [] [get list patch update watch]
persistentvolumeclaims [] [] [get list watch]
storageclasses.storage.k8s.io [] [] [get list watch]
endpoints [] [] [get]
secrets [] [] [get]
services [] [] [get]
persistentvolumeclaims/status [] [] [patch update]
Name: system:controller:generic-garbage-collector
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
*.* [] [] [delete get list patch update watch]
Name: system:controller:horizontal-pod-autoscaler
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
horizontalpodautoscalers.autoscaling [] [] [get list watch]
*.custom.metrics.k8s.io [] [] [get list]
*.*/scale [] [] [get update]
services/proxy [] [http:heapster:] [get]
services/proxy [] [https:heapster:] [get]
pods [] [] [list]
pods.metrics.k8s.io [] [] [list]
horizontalpodautoscalers.autoscaling/status [] [] [update]
Name: system:controller:job-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create delete list patch watch]
events [] [] [create patch update]
jobs.batch [] [] [get list update watch]
jobs.batch/finalizers [] [] [update]
jobs.batch/status [] [] [update]
Name: system:controller:namespace-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.* [] [] [delete deletecollection get list]
namespaces [] [] [delete get list watch]
namespaces/finalize [] [] [update]
namespaces/status [] [] [update]
Name: system:controller:node-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [delete get list patch update]
pods [] [] [delete list]
nodes/status [] [] [patch update]
pods/status [] [] [update]
Name: system:controller:operator-lifecycle-manager
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.* [] [] [*]
[*] [] [*]
Name: system:controller:persistent-volume-binder
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumes [] [] [create delete get list update watch]
pods [] [] [create delete get list watch]
endpoints [] [] [create delete get]
services [] [] [create delete get]
persistentvolumeclaims [] [] [get list update watch]
storageclasses.storage.k8s.io [] [] [get list watch]
nodes [] [] [get list]
secrets [] [] [get]
persistentvolumeclaims/status [] [] [update]
persistentvolumes/status [] [] [update]
events [] [] [watch create patch update]
Name: system:controller:pod-garbage-collector
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [delete list watch]
nodes [] [] [list]
Name: system:controller:pv-protection-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
persistentvolumes [] [] [get list update watch]
Name: system:controller:pvc-protection-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
persistentvolumeclaims [] [] [get list update watch]
pods [] [] [get list watch]
Name: system:controller:replicaset-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create delete list patch watch]
events [] [] [create patch update]
replicasets.apps [] [] [get list update watch]
replicasets.extensions [] [] [get list update watch]
replicasets.apps/finalizers [] [] [update]
replicasets.apps/status [] [] [update]
replicasets.extensions/finalizers [] [] [update]
replicasets.extensions/status [] [] [update]
Name: system:controller:replication-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create delete list patch watch]
events [] [] [create patch update]
replicationcontrollers [] [] [get list update watch]
replicationcontrollers/finalizers [] [] [update]
replicationcontrollers/status [] [] [update]
Name: system:controller:resourcequota-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
*.* [] [] [list watch]
resourcequotas/status [] [] [update]
Name: system:controller:route-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [list watch]
nodes/status [] [] [patch]
Name: system:controller:service-account-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
serviceaccounts [] [] [create]
Name: system:controller:service-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
services [] [] [get list watch]
nodes [] [] [list watch]
services/status [] [] [update]
Name: system:controller:statefulset-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
controllerrevisions.apps [] [] [create delete get list patch update watch]
persistentvolumeclaims [] [] [create get]
events [] [] [create patch update]
statefulsets.apps [] [] [get list watch]
pods [] [] [list watch create delete get patch update]
statefulsets.apps/finalizers [] [] [update]
statefulsets.apps/status [] [] [update]
Name: system:controller:ttl-controller
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [list patch update watch]
Name: system:csi-external-attacher
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create get list patch update watch]
persistentvolumes [] [] [get list patch update watch]
volumeattachments.storage.k8s.io [] [] [get list patch update watch]
nodes [] [] [get list watch]
Name: system:csi-external-provisioner
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumes [] [] [create delete get list watch]
events [] [] [create get list patch update watch]
persistentvolumeclaims [] [] [get list patch update watch]
nodes [] [] [get list watch]
storageclasses.storage.k8s.io [] [] [list watch]
Name: system:deployer
Labels: <none>
Annotations: openshift.io/description: Grants the right to deploy within a project. Used primarily with service accounts for automated deployments.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create get list watch]
events [] [] [create list]
imagestreamtags [] [] [create update]
imagestreamtags.image.openshift.io [] [] [create update]
replicationcontrollers [] [] [delete get list update watch]
replicationcontrollers/scale [] [] [get update]
pods/log [] [] [get]
Name: system:discovery
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz] [] [get]
[/openapi/*] [] [get]
[/openapi] [] [get]
[/swagger-2.0.0.pb-v1] [] [get]
[/swagger.json] [] [get]
[/swaggerapi/*] [] [get]
[/swaggerapi] [] [get]
[/version/] [] [get]
[/version] [] [get]
Name: system:heapster
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [get list watch]
namespaces [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
deployments.extensions [] [] [get list watch]
Name: system:image-auditor
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
images [] [] [get list patch update watch]
images.image.openshift.io [] [] [get list patch update watch]
Name: system:image-builder
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: openshift.io/description:
Grants the right to build, push and pull images from within a project. Used primarily with service accounts for builds.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreams [] [] [create]
imagestreams.image.openshift.io [] [] [create]
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
builds [] [] [get]
builds.build.openshift.io [] [] [get]
builds/details [] [] [update]
builds.build.openshift.io/details [] [] [update]
Name: system:image-pruner
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
images [] [] [delete get list watch]
images.image.openshift.io [] [] [delete get list watch]
imagestreams [] [] [get list watch]
imagestreams.image.openshift.io [] [] [get list watch]
buildconfigs [] [] [get list]
builds [] [] [get list]
deploymentconfigs [] [] [get list]
pods [] [] [get list]
replicationcontrollers [] [] [get list]
deploymentconfigs.apps.openshift.io [] [] [get list]
daemonsets.apps [] [] [get list]
deployments.apps [] [] [get list]
replicasets.apps [] [] [get list]
buildconfigs.build.openshift.io [] [] [get list]
builds.build.openshift.io [] [] [get list]
daemonsets.extensions [] [] [get list]
deployments.extensions [] [] [get list]
replicasets.extensions [] [] [get list]
limitranges [] [] [list]
imagestreams/status [] [] [update]
imagestreams.image.openshift.io/status [] [] [update]
Name: system:image-puller
Labels: <none>
Annotations: openshift.io/description: Grants the right to pull images from within a project.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreams/layers [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
Name: system:image-pusher
Labels: <none>
Annotations: openshift.io/description: Grants the right to push and pull images from within a project.
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
Name: system:image-signer
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagesignatures [] [] [create delete]
imagesignatures.image.openshift.io [] [] [create delete]
images [] [] [get]
imagestreams/layers [] [] [get]
images.image.openshift.io [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
Name: system:kube-aggregator
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [get list watch]
services [] [] [get list watch]
Name: system:kube-controller-manager
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
secrets [] [] [create delete get update]
endpoints [] [] [create get update]
serviceaccounts [] [] [create get update]
events [] [] [create patch update]
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
configmaps [] [] [get]
namespaces [] [] [get]
*.* [] [] [list watch]
Name: system:kube-dns
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
endpoints [] [] [list watch]
services [] [] [list watch]
Name: system:kube-scheduler
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
bindings [] [] [create]
endpoints [] [] [create]
pods/binding [] [] [create]
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
pods [] [] [delete get list watch]
endpoints [] [kube-scheduler] [delete get patch update]
nodes [] [] [get list watch]
persistentvolumeclaims [] [] [get list watch]
persistentvolumes [] [] [get list watch]
replicationcontrollers [] [] [get list watch]
services [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
replicasets.extensions [] [] [get list watch]
poddisruptionbudgets.policy [] [] [get list watch]
pods/status [] [] [patch update]
Name: system:kubelet-api-admin
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/log [] [] [*]
nodes/metrics [] [] [*]
nodes/proxy [] [] [*]
nodes/spec [] [] [*]
nodes/stats [] [] [*]
nodes [] [] [get list watch proxy]
Name: system:master
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
*.* [] [] [*]
[*] [] [*]
Name: system:node
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes [] [] [create get list watch patch update]
certificatesigningrequests.certificates.k8s.io [] [] [create get list watch]
events [] [] [create patch update]
pods/eviction [] [] [create]
serviceaccounts/token [] [] [create]
tokenreviews.authentication.k8s.io [] [] [create]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
pods [] [] [get list watch create delete]
configmaps [] [] [get list watch]
secrets [] [] [get list watch]
services [] [] [get list watch]
persistentvolumeclaims/status [] [] [get patch update]
endpoints [] [] [get]
persistentvolumeclaims [] [] [get]
persistentvolumes [] [] [get]
volumeattachments.storage.k8s.io [] [] [get]
nodes/status [] [] [patch update]
pods/status [] [] [patch update]
Name: system:node-admin
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/log [] [] [*]
nodes/metrics [] [] [*]
nodes/proxy [] [] [*]
nodes/spec [] [] [*]
nodes/stats [] [] [*]
nodes [] [] [get list watch proxy]
Name: system:node-bootstrapper
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
certificatesigningrequests.certificates.k8s.io [] [] [create get list watch]
Name: system:node-problem-detector
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [get]
nodes/status [] [] [patch]
Name: system:node-proxier
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
nodes [] [] [get]
endpoints [] [] [list watch]
services [] [] [list watch]
Name: system:node-reader
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/stats [] [] [create get]
nodes [] [] [get list watch]
nodes/metrics [] [] [get]
nodes/spec [] [] [get]
Name: system:oauth-token-deleter
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
oauthaccesstokens [] [] [delete]
oauthauthorizetokens [] [] [delete]
oauthaccesstokens.oauth.openshift.io [] [] [delete]
oauthauthorizetokens.oauth.openshift.io [] [] [delete]
Name: system:openshift:aggregate-to-admin
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
jenkins.build.openshift.io [] [] [admin edit view]
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch]
buildconfigs [] [] [create delete deletecollection get list patch update watch]
buildlogs [] [] [create delete deletecollection get list patch update watch]
builds [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs [] [] [create delete deletecollection get list patch update watch]
imagestreamimages [] [] [create delete deletecollection get list patch update watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams [] [] [create delete deletecollection get list patch update watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch]
processedtemplates [] [] [create delete deletecollection get list patch update watch]
rolebindings [] [] [create delete deletecollection get list patch update watch]
roles [] [] [create delete deletecollection get list patch update watch]
routes [] [] [create delete deletecollection get list patch update watch]
templateconfigs [] [] [create delete deletecollection get list patch update watch]
templateinstances [] [] [create delete deletecollection get list patch update watch]
templates [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch]
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch]
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
builds.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
networkpolicies.extensions [] [] [create delete deletecollection get list patch update watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
networkpolicies.networking.k8s.io [] [] [create delete deletecollection get list patch update watch]
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch]
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildconfigs/instantiate [] [] [create]
buildconfigs/instantiatebinary [] [] [create]
builds/clone [] [] [create]
deploymentconfigrollbacks [] [] [create]
deploymentconfigs/instantiate [] [] [create]
deploymentconfigs/rollback [] [] [create]
imagestreamimports [] [] [create]
localresourceaccessreviews [] [] [create]
localsubjectaccessreviews [] [] [create]
podsecuritypolicyreviews [] [] [create]
podsecuritypolicyselfsubjectreviews [] [] [create]
podsecuritypolicysubjectreviews [] [] [create]
resourceaccessreviews [] [] [create]
routes/custom-host [] [] [create]
subjectaccessreviews [] [] [create]
subjectrulesreviews [] [] [create]
deploymentconfigrollbacks.apps.openshift.io [] [] [create]
deploymentconfigs.apps.openshift.io/instantiate [] [] [create]
deploymentconfigs.apps.openshift.io/rollback [] [] [create]
localresourceaccessreviews.authorization.openshift.io [] [] [create]
localsubjectaccessreviews.authorization.openshift.io [] [] [create]
resourceaccessreviews.authorization.openshift.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
subjectrulesreviews.authorization.openshift.io [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
buildconfigs.build.openshift.io/instantiatebinary [] [] [create]
builds.build.openshift.io/clone [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
routes.route.openshift.io/custom-host [] [] [create]
podsecuritypolicyreviews.security.openshift.io [] [] [create]
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create]
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create]
projects [] [] [delete get patch update]
projects.project.openshift.io [] [] [delete get patch update]
routes/status [] [] [get list watch update]
routes.route.openshift.io/status [] [] [get list watch update]
appliedclusterresourcequotas [] [] [get list watch]
builds/log [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
imagestreams/status [] [] [get list watch]
resourcequotausages [] [] [get list watch]
rolebindingrestrictions [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
builds/details [] [] [update]
builds.build.openshift.io/details [] [] [update]
Name: system:openshift:aggregate-to-cluster-reader
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
nodes/stats [] [] [create get]
localresourceaccessreviews [] [] [create]
localsubjectaccessreviews [] [] [create]
podsecuritypolicyreviews [] [] [create]
podsecuritypolicyselfsubjectreviews [] [] [create]
podsecuritypolicysubjectreviews [] [] [create]
resourceaccessreviews [] [] [create]
selfsubjectrulesreviews [] [] [create]
subjectaccessreviews [] [] [create]
subjectrulesreviews [] [] [create]
tokenreviews.authentication.k8s.io [] [] [create]
localsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
localresourceaccessreviews.authorization.openshift.io [] [] [create]
localsubjectaccessreviews.authorization.openshift.io [] [] [create]
resourceaccessreviews.authorization.openshift.io [] [] [create]
selfsubjectrulesreviews.authorization.openshift.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
subjectrulesreviews.authorization.openshift.io [] [] [create]
podsecuritypolicyreviews.security.openshift.io [] [] [create]
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create]
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create]
securitycontextconstraints [] [] [get list watch get list watch]
brokertemplateinstances [] [] [get list watch]
builds/details [] [] [get list watch]
clusternetworks [] [] [get list watch]
clusterresourcequotas/status [] [] [get list watch]
clusterresourcequotas [] [] [get list watch]
clusterrolebindings [] [] [get list watch]
clusterroles [] [] [get list watch]
componentstatuses [] [] [get list watch]
egressnetworkpolicies [] [] [get list watch]
groups [] [] [get list watch]
hostsubnets [] [] [get list watch]
identities [] [] [get list watch]
images [] [] [get list watch]
imagesignatures [] [] [get list watch]
netnamespaces [] [] [get list watch]
nodes/status [] [] [get list watch]
nodes [] [] [get list watch]
oauthclientauthorizations [] [] [get list watch]
persistentvolumeclaims/status [] [] [get list watch]
persistentvolumes/status [] [] [get list watch]
persistentvolumes [] [] [get list watch]
pods/binding [] [] [get list watch]
pods/eviction [] [] [get list watch]
podtemplates [] [] [get list watch]
projectrequests [] [] [get list watch]
rolebindingrestrictions [] [] [get list watch]
rolebindings [] [] [get list watch]
roles [] [] [get list watch]
services/status [] [] [get list watch]
templateinstances/status [] [] [get list watch]
useridentitymappings [] [] [get list watch]
users [] [] [get list watch]
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch]
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch]
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch]
apiservices.apiregistration.k8s.io/status [] [] [get list watch]
apiservices.apiregistration.k8s.io [] [] [get list watch]
controllerrevisions.apps [] [] [get list watch]
daemonsets.apps/status [] [] [get list watch]
deployments.apps/status [] [] [get list watch]
replicasets.apps/status [] [] [get list watch]
statefulsets.apps/status [] [] [get list watch]
clusterrolebindings.authorization.openshift.io [] [] [get list watch]
clusterroles.authorization.openshift.io [] [] [get list watch]
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch]
rolebindings.authorization.openshift.io [] [] [get list watch]
roles.authorization.openshift.io [] [] [get list watch]
horizontalpodautoscalers.autoscaling/status [] [] [get list watch]
cronjobs.batch/status [] [] [get list watch]
jobs.batch/status [] [] [get list watch]
builds.build.openshift.io/details [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io/approval [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io/status [] [] [get list watch]
certificatesigningrequests.certificates.k8s.io [] [] [get list watch]
leases.coordination.k8s.io [] [] [get list watch]
events.events.k8s.io [] [] [get list watch]
daemonsets.extensions/status [] [] [get list watch]
deployments.extensions/status [] [] [get list watch]
horizontalpodautoscalers.extensions/status [] [] [get list watch]
horizontalpodautoscalers.extensions [] [] [get list watch]
ingresses.extensions/status [] [] [get list watch]
jobs.extensions/status [] [] [get list watch]
jobs.extensions [] [] [get list watch]
podsecuritypolicies.extensions [] [] [get list watch]
replicasets.extensions/status [] [] [get list watch]
replicationcontrollers.extensions [] [] [get list watch]
storageclasses.extensions [] [] [get list watch]
thirdpartyresources.extensions [] [] [get list watch]
images.image.openshift.io [] [] [get list watch]
imagesignatures.image.openshift.io [] [] [get list watch]
clusternetworks.network.openshift.io [] [] [get list watch]
egressnetworkpolicies.network.openshift.io [] [] [get list watch]
hostsubnets.network.openshift.io [] [] [get list watch]
netnamespaces.network.openshift.io [] [] [get list watch]
oauthclientauthorizations.oauth.openshift.io [] [] [get list watch]
poddisruptionbudgets.policy/status [] [] [get list watch]
podsecuritypolicies.policy [] [] [get list watch]
projectrequests.project.openshift.io [] [] [get list watch]
clusterresourcequotas.quota.openshift.io/status [] [] [get list watch]
clusterresourcequotas.quota.openshift.io [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list watch]
clusterroles.rbac.authorization.k8s.io [] [] [get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [get list watch]
roles.rbac.authorization.k8s.io [] [] [get list watch]
priorityclasses.scheduling.k8s.io [] [] [get list watch]
rangeallocations.security.openshift.io [] [] [get list watch]
securitycontextconstraints.security.openshift.io [] [] [get list watch]
podpresets.settings.k8s.io [] [] [get list watch]
storageclasses.storage.k8s.io [] [] [get list watch]
volumeattachments.storage.k8s.io/status [] [] [get list watch]
volumeattachments.storage.k8s.io [] [] [get list watch]
brokertemplateinstances.template.openshift.io [] [] [get list watch]
templateinstances.template.openshift.io/status [] [] [get list watch]
groups.user.openshift.io [] [] [get list watch]
identities.user.openshift.io [] [] [get list watch]
useridentitymappings.user.openshift.io [] [] [get list watch]
users.user.openshift.io [] [] [get list watch]
[*] [] [get]
imagestreams/layers [] [] [get]
nodes/metrics [] [] [get]
nodes/spec [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
projects [] [] [list watch]
projects.project.openshift.io [] [] [list watch]
Name: system:openshift:aggregate-to-edit
Labels: rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch]
buildconfigs [] [] [create delete deletecollection get list patch update watch]
buildlogs [] [] [create delete deletecollection get list patch update watch]
builds [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs [] [] [create delete deletecollection get list patch update watch]
imagestreamimages [] [] [create delete deletecollection get list patch update watch]
imagestreammappings [] [] [create delete deletecollection get list patch update watch]
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams [] [] [create delete deletecollection get list patch update watch]
imagestreamtags [] [] [create delete deletecollection get list patch update watch]
processedtemplates [] [] [create delete deletecollection get list patch update watch]
routes [] [] [create delete deletecollection get list patch update watch]
templateconfigs [] [] [create delete deletecollection get list patch update watch]
templateinstances [] [] [create delete deletecollection get list patch update watch]
templates [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch]
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch]
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
builds.build.openshift.io [] [] [create delete deletecollection get list patch update watch]
networkpolicies.extensions [] [] [create delete deletecollection get list patch update watch]
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch]
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch]
networkpolicies.networking.k8s.io [] [] [create delete deletecollection get list patch update watch]
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch]
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch]
buildconfigs/instantiate [] [] [create]
buildconfigs/instantiatebinary [] [] [create]
builds/clone [] [] [create]
deploymentconfigrollbacks [] [] [create]
deploymentconfigs/instantiate [] [] [create]
deploymentconfigs/rollback [] [] [create]
imagestreamimports [] [] [create]
routes/custom-host [] [] [create]
deploymentconfigrollbacks.apps.openshift.io [] [] [create]
deploymentconfigs.apps.openshift.io/instantiate [] [] [create]
deploymentconfigs.apps.openshift.io/rollback [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
buildconfigs.build.openshift.io/instantiatebinary [] [] [create]
builds.build.openshift.io/clone [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
routes.route.openshift.io/custom-host [] [] [create]
jenkins.build.openshift.io [] [] [edit view]
appliedclusterresourcequotas [] [] [get list watch]
builds/log [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
imagestreams/status [] [] [get list watch]
resourcequotausages [] [] [get list watch]
routes/status [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
routes.route.openshift.io/status [] [] [get list watch]
imagestreams/layers [] [] [get update]
imagestreams.image.openshift.io/layers [] [] [get update]
projects [] [] [get]
projects.project.openshift.io [] [] [get]
builds/details [] [] [update]
builds.build.openshift.io/details [] [] [update]
Name: system:openshift:aggregate-to-view
Labels: rbac.authorization.k8s.io/aggregate-to-view=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
appliedclusterresourcequotas [] [] [get list watch]
buildconfigs/webhooks [] [] [get list watch]
buildconfigs [] [] [get list watch]
buildlogs [] [] [get list watch]
builds/log [] [] [get list watch]
builds [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/scale [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
deploymentconfigs [] [] [get list watch]
imagestreamimages [] [] [get list watch]
imagestreammappings [] [] [get list watch]
imagestreams/status [] [] [get list watch]
imagestreams [] [] [get list watch]
imagestreamtags [] [] [get list watch]
processedtemplates [] [] [get list watch]
resourcequotausages [] [] [get list watch]
routes/status [] [] [get list watch]
routes [] [] [get list watch]
templateconfigs [] [] [get list watch]
templateinstances [] [] [get list watch]
templates [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
deploymentconfigs.apps.openshift.io [] [] [get list watch]
buildconfigs.build.openshift.io/webhooks [] [] [get list watch]
buildconfigs.build.openshift.io [] [] [get list watch]
buildlogs.build.openshift.io [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
builds.build.openshift.io [] [] [get list watch]
imagestreamimages.image.openshift.io [] [] [get list watch]
imagestreammappings.image.openshift.io [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
imagestreams.image.openshift.io [] [] [get list watch]
imagestreamtags.image.openshift.io [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
routes.route.openshift.io/status [] [] [get list watch]
routes.route.openshift.io [] [] [get list watch]
processedtemplates.template.openshift.io [] [] [get list watch]
templateconfigs.template.openshift.io [] [] [get list watch]
templateinstances.template.openshift.io [] [] [get list watch]
templates.template.openshift.io [] [] [get list watch]
projects [] [] [get]
projects.project.openshift.io [] [] [get]
jenkins.build.openshift.io [] [] [view]
Name: system:openshift:cloud-credential-operator:cluster-reader
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch]
Name: system:openshift:cluster-config-operator:cluster-reader
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
apiservers.config.openshift.io [] [] [get list watch]
authentications.config.openshift.io [] [] [get list watch]
builds.config.openshift.io [] [] [get list watch]
clusteroperators.config.openshift.io [] [] [get list watch]
clusterversions.config.openshift.io [] [] [get list watch]
consoles.config.openshift.io [] [] [get list watch]
dnses.config.openshift.io [] [] [get list watch]
featuregates.config.openshift.io [] [] [get list watch]
images.config.openshift.io [] [] [get list watch]
infrastructures.config.openshift.io [] [] [get list watch]
ingresses.config.openshift.io [] [] [get list watch]
networks.config.openshift.io [] [] [get list watch]
oauths.config.openshift.io [] [] [get list watch]
projects.config.openshift.io [] [] [get list watch]
proxies.config.openshift.io [] [] [get list watch]
schedulers.config.openshift.io [] [] [get list watch]
Name: system:openshift:controller:apiservice-cabundle-injector
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
apiservices.apiregistration.k8s.io [] [] [get list watch update patch]
Name: system:openshift:controller:build-config-change-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
buildconfigs/instantiate [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
builds [] [] [delete]
builds.build.openshift.io [] [] [delete]
buildconfigs [] [] [get list watch]
buildconfigs.build.openshift.io [] [] [get list watch]
Name: system:openshift:controller:build-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create delete get list]
configmaps [] [] [create get list]
events [] [] [create patch update]
builds/custom [] [] [create]
builds/docker [] [] [create]
builds/jenkinspipeline [] [] [create]
builds/optimizeddocker [] [] [create]
builds/source [] [] [create]
podsecuritypolicysubjectreviews [] [] [create]
builds.build.openshift.io/custom [] [] [create]
builds.build.openshift.io/docker [] [] [create]
builds.build.openshift.io/jenkinspipeline [] [] [create]
builds.build.openshift.io/optimizeddocker [] [] [create]
builds.build.openshift.io/source [] [] [create]
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create]
builds [] [] [delete get list patch update watch]
builds.build.openshift.io [] [] [delete get list patch update watch]
imagestreams [] [] [get list]
secrets [] [] [get list]
serviceaccounts [] [] [get list]
builds.config.openshift.io [] [] [get list]
imagestreams.image.openshift.io [] [] [get list]
buildconfigs [] [] [get]
namespaces [] [] [get]
buildconfigs.build.openshift.io [] [] [get]
builds/finalizers [] [] [update]
builds.build.openshift.io/finalizers [] [] [update]
Name: system:openshift:controller:cluster-quota-reconciliation-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
configmaps [] [] [get list]
secrets [] [] [get list]
clusterresourcequotas/status [] [] [update]
clusterresourcequotas.quota.openshift.io/status [] [] [update]
Name: system:openshift:controller:configmap-cabundle-injector
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get list watch update]
Name: system:openshift:controller:default-rolebindings-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch]
events [] [] [create patch update]
namespaces [] [] [get list watch]
Name: system:openshift:controller:deployer-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create delete get list patch watch]
events [] [] [create patch update]
replicationcontrollers [] [] [delete get list update watch]
replicationcontrollers/scale [] [] [get update]
Name: system:openshift:controller:deploymentconfig-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
replicationcontrollers [] [] [create delete get list patch update watch]
events [] [] [create patch update]
deploymentconfigs [] [] [get list watch]
deploymentconfigs.apps.openshift.io [] [] [get list watch]
replicationcontrollers/scale [] [] [get update]
deploymentconfigs/finalizers [] [] [update]
deploymentconfigs/status [] [] [update]
deploymentconfigs.apps.openshift.io/finalizers [] [] [update]
deploymentconfigs.apps.openshift.io/status [] [] [update]
Name: system:openshift:controller:horizontal-pod-autoscaler
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
deploymentconfigs/scale [] [] [get update]
deploymentconfigs.apps.openshift.io/scale [] [] [get update]
Name: system:openshift:controller:image-import-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
images [] [] [create delete get list patch update watch]
images.image.openshift.io [] [] [create delete get list patch update watch]
imagestreams [] [] [create get list update watch]
imagestreams.image.openshift.io [] [] [create get list update watch]
events [] [] [create patch update]
imagestreamimports [] [] [create]
imagestreamimports.image.openshift.io [] [] [create]
Name: system:openshift:controller:image-trigger-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
buildconfigs/instantiate [] [] [create]
builds/custom [] [] [create]
builds/docker [] [] [create]
builds/jenkinspipeline [] [] [create]
builds/optimizeddocker [] [] [create]
builds/source [] [] [create]
buildconfigs.build.openshift.io/instantiate [] [] [create]
builds.build.openshift.io/custom [] [] [create]
builds.build.openshift.io/docker [] [] [create]
builds.build.openshift.io/jenkinspipeline [] [] [create]
builds.build.openshift.io/optimizeddocker [] [] [create]
builds.build.openshift.io/source [] [] [create]
deploymentconfigs [] [] [get update]
deploymentconfigs.apps.openshift.io [] [] [get update]
deployments.apps [] [] [get update]
statefulsets.apps [] [] [get update]
cronjobs.batch [] [] [get update]
daemonsets.extensions [] [] [get update]
deployments.extensions [] [] [get update]
imagestreams [] [] [list watch]
imagestreams.image.openshift.io [] [] [list watch]
Name: system:openshift:controller:ingress-to-route-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
routes.route.openshift.io [] [] [create delete get list patch update watch]
events [] [] [create patch update]
routes.route.openshift.io/custom-host [] [] [create update]
secrets [] [] [get list watch]
services [] [] [get list watch]
ingress.extensions [] [] [get list watch]
Name: system:openshift:controller:machine-approver
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
certificatesigningrequests.certificates.k8s.io [] [] [get list watch]
machines.machine.openshift.io [] [] [get list watch]
nodes [] [] [get]
certificatesigningrequests.certificates.k8s.io/approval [] [] [update]
Name: system:openshift:controller:namespace-security-allocation-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
rangeallocations.security.openshift.io [] [] [create get update]
events [] [] [create patch update]
namespaces [] [] [get list update watch]
Name: system:openshift:controller:origin-namespace-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
namespaces [] [] [get list watch]
namespaces/finalize [] [] [update]
namespaces/status [] [] [update]
Name: system:openshift:controller:pv-recycler-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumes [] [] [create delete get list update watch]
pods [] [] [create delete get list watch]
events [] [] [create patch update]
persistentvolumeclaims [] [] [get list update watch]
persistentvolumeclaims/status [] [] [update]
persistentvolumes/status [] [] [update]
Name: system:openshift:controller:resourcequota-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
configmaps [] [] [list]
replicationcontrollers [] [] [list]
resourcequotas [] [] [list]
secrets [] [] [list]
services [] [] [list]
resourcequotas/status [] [] [update]
Name: system:openshift:controller:sdn-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
hostsubnets [] [] [create delete get list update watch]
netnamespaces [] [] [create delete get list update watch]
hostsubnets.network.openshift.io [] [] [create delete get list update watch]
netnamespaces.network.openshift.io [] [] [create delete get list update watch]
clusternetworks [] [] [create get update]
clusternetworks.network.openshift.io [] [] [create get update]
events [] [] [create patch update]
namespaces [] [] [get list watch]
nodes [] [] [get list watch]
services [] [] [get list watch]
pods [] [] [get list]
nodes/status [] [] [update]
Name: system:openshift:controller:service-ingress-ip-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
services [] [] [list update watch]
services/status [] [] [update]
Name: system:openshift:controller:service-serving-cert-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
secrets [] [] [create delete get list update watch]
events [] [] [create patch update]
services [] [] [list update watch]
Name: system:openshift:controller:service-serving-cert-signer
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
secrets [] [] [get list watch create update patch]
services [] [] [get list watch update patch]
Name: system:openshift:controller:serviceaccount-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
serviceaccounts [] [] [create delete get list patch update watch]
events [] [] [create patch update]
Name: system:openshift:controller:serviceaccount-pull-secrets-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
secrets [] [] [create delete get list patch update watch]
serviceaccounts [] [] [create get list update watch]
events [] [] [create patch update]
services [] [] [get list watch]
Name: system:openshift:controller:template-instance-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
subjectaccessreviews.authorization.k8s.io [] [] [create]
templateinstances.template.openshift.io/status [] [] [update]
Name: system:openshift:controller:template-instance-finalizer-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
templateinstances.template.openshift.io/status [] [] [update]
Name: system:openshift:controller:template-service-broker
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
templateinstances.template.openshift.io [] [] [assign create delete get]
brokertemplateinstances.template.openshift.io [] [] [create delete get update]
secrets [] [] [create delete get]
events [] [] [create patch update]
subjectaccessreviews.authorization.k8s.io [] [] [create]
subjectaccessreviews.authorization.openshift.io [] [] [create]
templates.template.openshift.io [] [] [get list watch]
configmaps [] [] [get]
routes [] [] [get]
services [] [] [get]
routes.route.openshift.io [] [] [get]
brokertemplateinstances.template.openshift.io/finalizers [] [] [update]
Name: system:openshift:controller:unidling-controller
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
deploymentconfigs [] [] [get patch update]
replicationcontrollers [] [] [get patch update]
deploymentconfigs.apps.openshift.io [] [] [get patch update]
deploymentconfigs/scale [] [] [get update]
endpoints [] [] [get update]
replicationcontrollers/scale [] [] [get update]
deploymentconfigs.apps.openshift.io/scale [] [] [get update]
deployments.apps/scale [] [] [get update]
replicasets.apps/scale [] [] [get update]
deployments.extensions/scale [] [] [get update]
replicasets.extensions/scale [] [] [get update]
events [] [] [list watch create patch update]
Name: system:openshift:discovery
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/.well-known/*] [] [get]
[/.well-known] [] [get]
[/] [] [get]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/oapi/*] [] [get]
[/oapi] [] [get]
[/openapi/v2] [] [get]
[/osapi/] [] [get]
[/osapi] [] [get]
[/swagger-2.0.0.pb-v1] [] [get]
[/swagger.json] [] [get]
[/swaggerapi/*] [] [get]
[/swaggerapi] [] [get]
[/version/*] [] [get]
[/version] [] [get]
Name: system:openshift:machine-config-operator:cluster-reader
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
containerruntimeconfigs.machineconfiguration.openshift.io [] [] [get list watch]
controllerconfigs.machineconfiguration.openshift.io [] [] [get list watch]
kubeletconfigs.machineconfiguration.openshift.io [] [] [get list watch]
machineconfigpools.machineconfiguration.openshift.io [] [] [get list watch]
mcoconfigs.machineconfiguration.openshift.io [] [] [get list watch]
Name: system:openshift:openshift-controller-manager
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
events.events.k8s.io [] [] [create patch update]
*.* [] [] [get list watch]
Name: system:openshift:public-info-viewer
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/readyz] [] [get]
Name: system:openshift:templateservicebroker-client
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
[/brokers/template.openshift.io/*] [] [delete]
[/brokers/template.openshift.io/*] [] [get]
[/brokers/template.openshift.io/*] [] [put]
[/brokers/template.openshift.io/*] [] [update]
Name: system:openshift:tokenreview-openshift-controller-manager
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
Name: system:persistent-volume-provisioner
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumes [] [] [create delete get list watch]
persistentvolumeclaims [] [] [get list update watch]
storageclasses.storage.k8s.io [] [] [get list watch]
events [] [] [watch create patch update]
Name: system:registry
Labels: <none>
Annotations: imageregistry.operator.openshift.io/checksum: sha256:4f5c458a9529be990802411d939d2126b77fa47083541be8946d4ca262db41d0
rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
imagestreammappings [] [] [create]
imagestreammappings.image.openshift.io [] [] [create]
images [] [] [delete get get update]
imagestreamtags [] [] [delete get]
imagestreamtags.image.openshift.io [] [] [delete get]
images.image.openshift.io [] [] [get update delete]
imagestreams.image.openshift.io [] [] [get update]
imagestreamimages [] [] [get]
imagestreams/secrets [] [] [get]
imagestreamimages.image.openshift.io [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
imagestreams.image.openshift.io/secrets [] [] [get]
imagestreams [] [] [list get update]
limitranges [] [] [list]
resourcequotas [] [] [list]
Name: system:router
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
endpoints [] [] [list watch]
routes [] [] [list watch]
services [] [] [list watch]
routes.route.openshift.io [] [] [list watch]
routes/status [] [] [update]
routes.route.openshift.io/status [] [] [update]
Name: system:scope-impersonation
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
userextras.authentication.k8s.io/scopes.authorization.openshift.io [] [] [impersonate]
Name: system:sdn-manager
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
hostsubnets [] [] [create delete get list watch]
netnamespaces [] [] [create delete get list watch]
hostsubnets.network.openshift.io [] [] [create delete get list watch]
netnamespaces.network.openshift.io [] [] [create delete get list watch]
clusternetworks [] [] [create get]
clusternetworks.network.openshift.io [] [] [create get]
nodes [] [] [get list watch]
Name: system:sdn-reader
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch update]
egressnetworkpolicies [] [] [get list watch]
hostsubnets [] [] [get list watch]
namespaces [] [] [get list watch]
netnamespaces [] [] [get list watch]
nodes [] [] [get list watch]
networkpolicies.extensions [] [] [get list watch]
egressnetworkpolicies.network.openshift.io [] [] [get list watch]
hostsubnets.network.openshift.io [] [] [get list watch]
netnamespaces.network.openshift.io [] [] [get list watch]
networkpolicies.networking.k8s.io [] [] [get list watch]
clusternetworks [] [] [get]
clusternetworks.network.openshift.io [] [] [get]
Name: system:volume-scheduler
Labels: kubernetes.io/bootstrapping=rbac-defaults
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
persistentvolumeclaims [] [] [get list patch update watch]
persistentvolumes [] [] [get list patch update watch]
storageclasses.storage.k8s.io [] [] [get list watch]
Name: system:webhook
Labels: <none>
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
buildconfigs/webhooks [] [] [create get]
buildconfigs.build.openshift.io/webhooks [] [] [create get]
Name: telemeter-client
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
tokenreviews.authentication.k8s.io [] [] [create]
subjectaccessreviews.authorization.k8s.io [] [] [create]
Name: view
Labels: kubernetes.io/bootstrapping=rbac-defaults
rbac.authorization.k8s.io/aggregate-to-edit=true
Annotations: rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
namespaces [] [] [get get list watch]
appliedclusterresourcequotas [] [] [get list watch]
bindings [] [] [get list watch]
buildconfigs/webhooks [] [] [get list watch]
buildconfigs [] [] [get list watch]
buildlogs [] [] [get list watch]
builds/log [] [] [get list watch]
builds [] [] [get list watch]
configmaps [] [] [get list watch]
deploymentconfigs/log [] [] [get list watch]
deploymentconfigs/scale [] [] [get list watch]
deploymentconfigs/status [] [] [get list watch]
deploymentconfigs [] [] [get list watch]
endpoints [] [] [get list watch]
events [] [] [get list watch]
imagestreamimages [] [] [get list watch]
imagestreammappings [] [] [get list watch]
imagestreams/status [] [] [get list watch]
imagestreams [] [] [get list watch]
imagestreamtags [] [] [get list watch]
limitranges [] [] [get list watch]
namespaces/status [] [] [get list watch]
persistentvolumeclaims [] [] [get list watch]
pods/log [] [] [get list watch]
pods/status [] [] [get list watch]
pods [] [] [get list watch]
processedtemplates [] [] [get list watch]
replicationcontrollers/scale [] [] [get list watch]
replicationcontrollers/status [] [] [get list watch]
replicationcontrollers [] [] [get list watch]
resourcequotas/status [] [] [get list watch]
resourcequotas [] [] [get list watch]
resourcequotausages [] [] [get list watch]
routes/status [] [] [get list watch]
routes [] [] [get list watch]
serviceaccounts [] [] [get list watch]
services [] [] [get list watch]
templateconfigs [] [] [get list watch]
templateinstances [] [] [get list watch]
templates [] [] [get list watch]
deploymentconfigs.apps.openshift.io/log [] [] [get list watch]
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch]
deploymentconfigs.apps.openshift.io/status [] [] [get list watch]
deploymentconfigs.apps.openshift.io [] [] [get list watch]
controllerrevisions.apps [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps/scale [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps/scale [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps/scale [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
horizontalpodautoscalers.autoscaling [] [] [get list watch]
cronjobs.batch [] [] [get list watch]
jobs.batch [] [] [get list watch]
buildconfigs.build.openshift.io/webhooks [] [] [get list watch]
buildconfigs.build.openshift.io [] [] [get list watch]
buildlogs.build.openshift.io [] [] [get list watch]
builds.build.openshift.io/log [] [] [get list watch]
builds.build.openshift.io [] [] [get list watch]
daemonsets.extensions [] [] [get list watch]
deployments.extensions/scale [] [] [get list watch]
deployments.extensions [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
networkpolicies.extensions [] [] [get list watch]
replicasets.extensions/scale [] [] [get list watch]
replicasets.extensions [] [] [get list watch]
replicationcontrollers.extensions/scale [] [] [get list watch]
imagestreamimages.image.openshift.io [] [] [get list watch]
imagestreammappings.image.openshift.io [] [] [get list watch]
imagestreams.image.openshift.io/status [] [] [get list watch]
imagestreams.image.openshift.io [] [] [get list watch]
imagestreamtags.image.openshift.io [] [] [get list watch]
pods.metrics.k8s.io [] [] [get list watch]
networkpolicies.networking.k8s.io [] [] [get list watch]
catalogsources.operators.coreos.com [] [] [get list watch]
clusterserviceversions.operators.coreos.com [] [] [get list watch]
installplans.operators.coreos.com [] [] [get list watch]
operatorgroups.operators.coreos.com [] [] [get list watch]
subscriptions.operators.coreos.com [] [] [get list watch]
packagemanifests.packages.operators.coreos.com [] [] [get list watch]
poddisruptionbudgets.policy [] [] [get list watch]
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch]
routes.route.openshift.io/status [] [] [get list watch]
routes.route.openshift.io [] [] [get list watch]
processedtemplates.template.openshift.io [] [] [get list watch]
templateconfigs.template.openshift.io [] [] [get list watch]
templateinstances.template.openshift.io [] [] [get list watch]
templates.template.openshift.io [] [] [get list watch]
imagestreams/layers [] [] [get]
projects [] [] [get]
imagestreams.image.openshift.io/layers [] [] [get]
projects.project.openshift.io [] [] [get]
jenkins.build.openshift.io [] [] [view]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment