Created
August 17, 2019 11:36
-
-
Save jwmatthews/0e2ab32682dfda0d8e4e48c1d4dc1d20 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Name: admin | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreams [] [] [create delete deletecollection get list patch update watch create get list watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch create get list watch] | |
secrets [] [] [create delete deletecollection get list patch update watch get list watch create delete deletecollection patch update] | |
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildlogs [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch get list watch] | |
processedtemplates [] [] [create delete deletecollection get list patch update watch get list watch] | |
routes [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateinstances [] [] [create delete deletecollection get list patch update watch get list watch] | |
templates [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
serviceaccounts [] [] [create delete deletecollection get list patch update watch impersonate create delete deletecollection patch update get list watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
rolebindings [] [] [create delete deletecollection get list patch update watch] | |
roles [] [] [create delete deletecollection get list patch update watch] | |
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.extensions [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch] | |
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch] | |
configmaps [] [] [create delete deletecollection patch update get list watch] | |
endpoints [] [] [create delete deletecollection patch update get list watch] | |
persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch] | |
pods [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers [] [] [create delete deletecollection patch update get list watch] | |
services [] [] [create delete deletecollection patch update get list watch] | |
daemonsets.apps [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps [] [] [create delete deletecollection patch update get list watch] | |
replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
replicasets.apps [] [] [create delete deletecollection patch update get list watch] | |
statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
statefulsets.apps [] [] [create delete deletecollection patch update get list watch] | |
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch] | |
cronjobs.batch [] [] [create delete deletecollection patch update get list watch] | |
jobs.batch [] [] [create delete deletecollection patch update get list watch] | |
daemonsets.extensions [] [] [create delete deletecollection patch update get list watch] | |
deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
deployments.extensions [] [] [create delete deletecollection patch update get list watch] | |
ingresses.extensions [] [] [create delete deletecollection patch update get list watch] | |
replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
replicasets.extensions [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
subscriptions.operators.coreos.com [] [] [create update patch delete delete get list watch] | |
buildconfigs/instantiate [] [] [create] | |
buildconfigs/instantiatebinary [] [] [create] | |
builds/clone [] [] [create] | |
deploymentconfigrollbacks [] [] [create] | |
deploymentconfigs/instantiate [] [] [create] | |
deploymentconfigs/rollback [] [] [create] | |
imagestreamimports [] [] [create] | |
localresourceaccessreviews [] [] [create] | |
localsubjectaccessreviews [] [] [create] | |
podsecuritypolicyreviews [] [] [create] | |
podsecuritypolicyselfsubjectreviews [] [] [create] | |
podsecuritypolicysubjectreviews [] [] [create] | |
resourceaccessreviews [] [] [create] | |
routes/custom-host [] [] [create] | |
subjectaccessreviews [] [] [create] | |
subjectrulesreviews [] [] [create] | |
deploymentconfigrollbacks.apps.openshift.io [] [] [create] | |
deploymentconfigs.apps.openshift.io/instantiate [] [] [create] | |
deploymentconfigs.apps.openshift.io/rollback [] [] [create] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
localresourceaccessreviews.authorization.openshift.io [] [] [create] | |
localsubjectaccessreviews.authorization.openshift.io [] [] [create] | |
resourceaccessreviews.authorization.openshift.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
subjectrulesreviews.authorization.openshift.io [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
buildconfigs.build.openshift.io/instantiatebinary [] [] [create] | |
builds.build.openshift.io/clone [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
routes.route.openshift.io/custom-host [] [] [create] | |
podsecuritypolicyreviews.security.openshift.io [] [] [create] | |
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create] | |
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create] | |
catalogsources.operators.coreos.com [] [] [delete get list watch] | |
clusterserviceversions.operators.coreos.com [] [] [delete get list watch] | |
installplans.operators.coreos.com [] [] [delete get list watch] | |
jenkins.build.openshift.io [] [] [edit view view admin edit view] | |
builds [] [] [get create delete deletecollection get list patch update watch get list watch] | |
builds.build.openshift.io [] [] [get create delete deletecollection get list patch update watch get list watch] | |
projects [] [] [get delete get delete get patch update] | |
projects.project.openshift.io [] [] [get delete get delete get patch update] | |
namespaces [] [] [get get list watch] | |
pods/attach [] [] [get list watch create delete deletecollection patch update] | |
pods/exec [] [] [get list watch create delete deletecollection patch update] | |
pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
services/proxy [] [] [get list watch create delete deletecollection patch update] | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch create update patch delete *] | |
routes/status [] [] [get list watch update] | |
routes.route.openshift.io/status [] [] [get list watch update] | |
appliedclusterresourcequotas [] [] [get list watch] | |
bindings [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
events [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
limitranges [] [] [get list watch] | |
namespaces/status [] [] [get list watch] | |
pods/log [] [] [get list watch] | |
pods/status [] [] [get list watch] | |
replicationcontrollers/status [] [] [get list watch] | |
resourcequotas/status [] [] [get list watch] | |
resourcequotas [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
rolebindingrestrictions [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
controllerrevisions.apps [] [] [get list watch] | |
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
pods.metrics.k8s.io [] [] [get list watch] | |
operatorgroups.operators.coreos.com [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
imagestreams/layers [] [] [get update get] | |
imagestreams.image.openshift.io/layers [] [] [get update get] | |
builds/details [] [] [update] | |
builds.build.openshift.io/details [] [] [update] | |
Name: aggregate-olm-edit | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
subscriptions.operators.coreos.com [] [] [create update patch delete delete] | |
catalogsources.operators.coreos.com [] [] [delete] | |
clusterserviceversions.operators.coreos.com [] [] [delete] | |
installplans.operators.coreos.com [] [] [delete] | |
Name: aggregate-olm-view | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
catalogsources.operators.coreos.com [] [] [get list watch] | |
clusterserviceversions.operators.coreos.com [] [] [get list watch] | |
installplans.operators.coreos.com [] [] [get list watch] | |
operatorgroups.operators.coreos.com [] [] [get list watch] | |
subscriptions.operators.coreos.com [] [] [get list watch] | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch] | |
Name: alertmanager-main | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: basic-user | |
Labels: <none> | |
Annotations: openshift.io/description: A user that can get basic information about projects. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
selfsubjectrulesreviews [] [] [create] | |
selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectrulesreviews.authorization.openshift.io [] [] [create] | |
clusterroles.rbac.authorization.k8s.io [] [] [get list watch] | |
clusterroles [] [] [get list] | |
clusterroles.authorization.openshift.io [] [] [get list] | |
storageclasses.storage.k8s.io [] [] [get list] | |
users [] [~] [get] | |
users.user.openshift.io [] [~] [get] | |
projects [] [] [list watch] | |
projects.project.openshift.io [] [] [list watch] | |
projectrequests [] [] [list] | |
projectrequests.project.openshift.io [] [] [list] | |
Name: cloud-credential-operator-role | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusteroperators.config.openshift.io/status [] [] [create get update list watch] | |
clusteroperators.config.openshift.io [] [] [create get update list watch] | |
secrets [] [] [get list watch create update patch delete get list watch update] | |
credentialsrequests.cloudcredential.openshift.io/finalizers [] [] [get list watch create update patch delete] | |
credentialsrequests.cloudcredential.openshift.io/status [] [] [get list watch create update patch delete] | |
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch create update patch delete] | |
configmaps [] [] [get list watch] | |
namespaces [] [] [get list watch] | |
clusterversions.config.openshift.io [] [] [get list watch] | |
infrastructures.config.openshift.io [] [] [get list watch] | |
Name: cluster-admin | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.* [] [] [*] | |
[*] [] [*] | |
Name: cluster-autoscaler | |
Labels: k8s-addon=cluster-autoscaler.addons.k8s.io | |
k8s-app=cluster-autoscaler | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
endpoints [] [] [create patch] | |
events [] [] [create patch] | |
pods/eviction [] [] [create] | |
endpoints [] [cluster-autoscaler] [get update] | |
pods/status [] [] [update] | |
nodes [] [] [watch list get update] | |
machinedeployments.cluster.k8s.io [] [] [watch list get update] | |
machines.cluster.k8s.io [] [] [watch list get update] | |
machinesets.cluster.k8s.io [] [] [watch list get update] | |
machinedeployments.machine.openshift.io [] [] [watch list get update] | |
machines.machine.openshift.io [] [] [watch list get update] | |
machinesets.machine.openshift.io [] [] [watch list get update] | |
namespaces [] [] [watch list get] | |
persistentvolumeclaims [] [] [watch list get] | |
persistentvolumes [] [] [watch list get] | |
pods [] [] [watch list get] | |
replicationcontrollers [] [] [watch list get] | |
services [] [] [watch list get] | |
daemonsets.apps [] [] [watch list get] | |
replicasets.apps [] [] [watch list get] | |
statefulsets.apps [] [] [watch list get] | |
daemonsets.extensions [] [] [watch list get] | |
replicasets.extensions [] [] [watch list get] | |
storageclasses.storage.k8s.io [] [] [watch list get] | |
poddisruptionbudgets.policy [] [] [watch list] | |
Name: cluster-autoscaler-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.autoscaling.openshift.io [] [] [*] | |
clusteroperators.config.openshift.io/status [] [] [create get update] | |
clusteroperators.config.openshift.io [] [] [create get update] | |
Name: cluster-debugger | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/debug/pprof/*] [] [get] | |
[/debug/pprof] [] [get] | |
[/metrics] [] [get] | |
Name: cluster-image-registry-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusteroperators.config.openshift.io [] [] [* create get update] | |
configmaps [] [] [*] | |
endpoints [] [] [*] | |
events [] [] [*] | |
namespaces [] [] [*] | |
persistentvolumeclaims [] [] [*] | |
pods [] [] [*] | |
secrets [] [] [*] | |
serviceaccounts [] [] [*] | |
services [] [] [*] | |
deploymentconfigs.apps.openshift.io [] [] [*] | |
daemonsets.apps [] [] [*] | |
deploymentconfigs.apps [] [] [*] | |
deployments.apps [] [] [*] | |
replicasets.apps [] [] [*] | |
statefulsets.apps [] [] [*] | |
images.config.openshift.io/status [] [] [*] | |
images.config.openshift.io [] [] [*] | |
*.image.openshift.io [] [] [*] | |
*.imageregistry.operator.openshift.io [] [] [*] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [*] | |
clusterroles.rbac.authorization.k8s.io [] [] [*] | |
routes.route.openshift.io/custom-host [] [] [*] | |
routes.route.openshift.io [] [] [*] | |
clusteroperators.config.openshift.io/status [] [] [create get update] | |
clusterversions.config.openshift.io [] [] [get] | |
limitranges [] [] [list] | |
resourcequotas [] [] [list] | |
Name: cluster-monitoring-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
customresourcedefinitions.apiextensions.k8s.io [] [] [*] | |
*.metrics.k8s.io [] [] [*] | |
alertmanagers.monitoring.coreos.com/finalizers [] [] [*] | |
alertmanagers.monitoring.coreos.com [] [] [*] | |
prometheuses.monitoring.coreos.com/finalizers [] [] [*] | |
prometheuses.monitoring.coreos.com [] [] [*] | |
prometheusrules.monitoring.coreos.com [] [] [*] | |
servicemonitors.monitoring.coreos.com [] [] [*] | |
configmaps [] [] [create delete get list update watch list watch get *] | |
services [] [] [create delete get list update watch list watch get list watch get list watch create delete get update] | |
daemonsets.apps [] [] [create delete get list update watch list watch] | |
deployments.apps [] [] [create delete get list update watch list watch] | |
serviceaccounts [] [] [create delete get list update watch] | |
apiservices.apiregistration.k8s.io [] [] [create delete get list update watch] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [create delete get list update watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [create delete get list update watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [create delete get list update watch] | |
roles.rbac.authorization.k8s.io [] [] [create delete get list update watch] | |
routes.route.openshift.io [] [] [create delete get list update watch] | |
securitycontextconstraints.security.openshift.io [] [] [create delete get list update watch] | |
services/finalizers [] [] [create delete get update] | |
clusteroperators.config.openshift.io/status [] [] [create get update] | |
clusteroperators.config.openshift.io [] [] [create get update] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
namespaces [] [] [get list watch get list watch get list watch] | |
pods.metrics.k8s.io [] [] [get list watch] | |
deployments.apps [] [kube-state-metrics] [get update] | |
deployments.extensions [] [kube-state-metrics] [get update] | |
[/metrics] [] [get] | |
nodes/metrics [] [] [get] | |
clusterversions.config.openshift.io [] [] [get] | |
proxies.config.openshift.io [] [] [get] | |
secrets [] [] [list watch *] | |
statefulsets.apps [] [] [list watch *] | |
pods [] [] [list watch get get list watch get list watch delete list] | |
endpoints [] [] [list watch get list watch create delete get update] | |
nodes [] [] [list watch get list watch list watch] | |
limitranges [] [] [list watch] | |
persistentvolumeclaims [] [] [list watch] | |
persistentvolumes [] [] [list watch] | |
replicationcontrollers [] [] [list watch] | |
resourcequotas [] [] [list watch] | |
replicasets.apps [] [] [list watch] | |
horizontalpodautoscalers.autoscaling [] [] [list watch] | |
cronjobs.batch [] [] [list watch] | |
jobs.batch [] [] [list watch] | |
daemonsets.extensions [] [] [list watch] | |
deployments.extensions [] [] [list watch] | |
replicasets.extensions [] [] [list watch] | |
poddisruptionbudgets.policy [] [] [list watch] | |
securitycontextconstraints.security.openshift.io [] [node-exporter] [use] | |
Name: cluster-monitoring-view | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
namespaces [] [] [get] | |
Name: cluster-node-tuning-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.tuned.openshift.io [] [] [*] | |
daemonsets.apps [] [] [create delete list update watch] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [create delete list update watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [create delete list update watch] | |
configmaps [] [] [create get delete list update watch] | |
namespaces [] [] [create get delete list update watch] | |
serviceaccounts [] [] [create get delete list update watch] | |
services [] [] [create get delete list update watch] | |
clusteroperators.config.openshift.io [] [] [create get] | |
nodes [] [] [get list watch] | |
pods [] [] [get list watch] | |
nodes/metrics [] [] [get] | |
nodes/specs [] [] [get] | |
clusteroperators.config.openshift.io/status [] [] [update] | |
securitycontextconstraints.security.openshift.io [] [] [use] | |
Name: cluster-node-tuning:tuned | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes [] [] [get list watch] | |
pods [] [] [get list watch] | |
securitycontextconstraints.security.openshift.io [] [privileged] [use] | |
Name: cluster-reader | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/stats [] [] [create get] | |
localresourceaccessreviews [] [] [create] | |
localsubjectaccessreviews [] [] [create] | |
podsecuritypolicyreviews [] [] [create] | |
podsecuritypolicyselfsubjectreviews [] [] [create] | |
podsecuritypolicysubjectreviews [] [] [create] | |
resourceaccessreviews [] [] [create] | |
selfsubjectrulesreviews [] [] [create] | |
subjectaccessreviews [] [] [create] | |
subjectrulesreviews [] [] [create] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectrulesreviews.authorization.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
localresourceaccessreviews.authorization.openshift.io [] [] [create] | |
localsubjectaccessreviews.authorization.openshift.io [] [] [create] | |
resourceaccessreviews.authorization.openshift.io [] [] [create] | |
selfsubjectrulesreviews.authorization.openshift.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
subjectrulesreviews.authorization.openshift.io [] [] [create] | |
podsecuritypolicyreviews.security.openshift.io [] [] [create] | |
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create] | |
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create] | |
namespaces [] [] [get get list watch] | |
securitycontextconstraints [] [] [get list watch get list watch] | |
controllerrevisions.apps [] [] [get list watch get list watch] | |
appliedclusterresourcequotas [] [] [get list watch] | |
bindings [] [] [get list watch] | |
brokertemplateinstances [] [] [get list watch] | |
buildconfigs/webhooks [] [] [get list watch] | |
buildconfigs [] [] [get list watch] | |
buildlogs [] [] [get list watch] | |
builds/details [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
builds [] [] [get list watch] | |
clusternetworks [] [] [get list watch] | |
clusterresourcequotas/status [] [] [get list watch] | |
clusterresourcequotas [] [] [get list watch] | |
clusterrolebindings [] [] [get list watch] | |
clusterroles [] [] [get list watch] | |
componentstatuses [] [] [get list watch] | |
configmaps [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/scale [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
deploymentconfigs [] [] [get list watch] | |
egressnetworkpolicies [] [] [get list watch] | |
endpoints [] [] [get list watch] | |
events [] [] [get list watch] | |
groups [] [] [get list watch] | |
hostsubnets [] [] [get list watch] | |
identities [] [] [get list watch] | |
images [] [] [get list watch] | |
imagesignatures [] [] [get list watch] | |
imagestreamimages [] [] [get list watch] | |
imagestreammappings [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
imagestreams [] [] [get list watch] | |
imagestreamtags [] [] [get list watch] | |
limitranges [] [] [get list watch] | |
namespaces/status [] [] [get list watch] | |
netnamespaces [] [] [get list watch] | |
nodes/status [] [] [get list watch] | |
nodes [] [] [get list watch] | |
oauthclientauthorizations [] [] [get list watch] | |
persistentvolumeclaims/status [] [] [get list watch] | |
persistentvolumeclaims [] [] [get list watch] | |
persistentvolumes/status [] [] [get list watch] | |
persistentvolumes [] [] [get list watch] | |
pods/binding [] [] [get list watch] | |
pods/eviction [] [] [get list watch] | |
pods/log [] [] [get list watch] | |
pods/status [] [] [get list watch] | |
pods [] [] [get list watch] | |
podtemplates [] [] [get list watch] | |
processedtemplates [] [] [get list watch] | |
projectrequests [] [] [get list watch] | |
replicationcontrollers/scale [] [] [get list watch] | |
replicationcontrollers/status [] [] [get list watch] | |
replicationcontrollers [] [] [get list watch] | |
resourcequotas/status [] [] [get list watch] | |
resourcequotas [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
rolebindingrestrictions [] [] [get list watch] | |
rolebindings [] [] [get list watch] | |
roles [] [] [get list watch] | |
routes/status [] [] [get list watch] | |
routes [] [] [get list watch] | |
serviceaccounts [] [] [get list watch] | |
services/status [] [] [get list watch] | |
services [] [] [get list watch] | |
templateconfigs [] [] [get list watch] | |
templateinstances/status [] [] [get list watch] | |
templateinstances [] [] [get list watch] | |
templates [] [] [get list watch] | |
useridentitymappings [] [] [get list watch] | |
users [] [] [get list watch] | |
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch] | |
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch] | |
apiservices.apiregistration.k8s.io/status [] [] [get list watch] | |
apiservices.apiregistration.k8s.io [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [get list watch] | |
daemonsets.apps/status [] [] [get list watch] | |
daemonsets.apps [] [] [get list watch] | |
deployments.apps/scale [] [] [get list watch] | |
deployments.apps/status [] [] [get list watch] | |
deployments.apps [] [] [get list watch] | |
replicasets.apps/scale [] [] [get list watch] | |
replicasets.apps/status [] [] [get list watch] | |
replicasets.apps [] [] [get list watch] | |
statefulsets.apps/scale [] [] [get list watch] | |
statefulsets.apps/status [] [] [get list watch] | |
statefulsets.apps [] [] [get list watch] | |
clusterrolebindings.authorization.openshift.io [] [] [get list watch] | |
clusterroles.authorization.openshift.io [] [] [get list watch] | |
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch] | |
rolebindings.authorization.openshift.io [] [] [get list watch] | |
roles.authorization.openshift.io [] [] [get list watch] | |
horizontalpodautoscalers.autoscaling/status [] [] [get list watch] | |
horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
cronjobs.batch/status [] [] [get list watch] | |
cronjobs.batch [] [] [get list watch] | |
jobs.batch/status [] [] [get list watch] | |
jobs.batch [] [] [get list watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [get list watch] | |
buildconfigs.build.openshift.io [] [] [get list watch] | |
buildlogs.build.openshift.io [] [] [get list watch] | |
builds.build.openshift.io/details [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
builds.build.openshift.io [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io/approval [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io/status [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io [] [] [get list watch] | |
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch] | |
apiservers.config.openshift.io [] [] [get list watch] | |
authentications.config.openshift.io [] [] [get list watch] | |
builds.config.openshift.io [] [] [get list watch] | |
clusteroperators.config.openshift.io [] [] [get list watch] | |
clusterversions.config.openshift.io [] [] [get list watch] | |
consoles.config.openshift.io [] [] [get list watch] | |
dnses.config.openshift.io [] [] [get list watch] | |
featuregates.config.openshift.io [] [] [get list watch] | |
images.config.openshift.io [] [] [get list watch] | |
infrastructures.config.openshift.io [] [] [get list watch] | |
ingresses.config.openshift.io [] [] [get list watch] | |
networks.config.openshift.io [] [] [get list watch] | |
oauths.config.openshift.io [] [] [get list watch] | |
projects.config.openshift.io [] [] [get list watch] | |
proxies.config.openshift.io [] [] [get list watch] | |
schedulers.config.openshift.io [] [] [get list watch] | |
leases.coordination.k8s.io [] [] [get list watch] | |
events.events.k8s.io [] [] [get list watch] | |
daemonsets.extensions/status [] [] [get list watch] | |
daemonsets.extensions [] [] [get list watch] | |
deployments.extensions/scale [] [] [get list watch] | |
deployments.extensions/status [] [] [get list watch] | |
deployments.extensions [] [] [get list watch] | |
horizontalpodautoscalers.extensions/status [] [] [get list watch] | |
horizontalpodautoscalers.extensions [] [] [get list watch] | |
ingresses.extensions/status [] [] [get list watch] | |
ingresses.extensions [] [] [get list watch] | |
jobs.extensions/status [] [] [get list watch] | |
jobs.extensions [] [] [get list watch] | |
networkpolicies.extensions [] [] [get list watch] | |
podsecuritypolicies.extensions [] [] [get list watch] | |
replicasets.extensions/scale [] [] [get list watch] | |
replicasets.extensions/status [] [] [get list watch] | |
replicasets.extensions [] [] [get list watch] | |
replicationcontrollers.extensions/scale [] [] [get list watch] | |
replicationcontrollers.extensions [] [] [get list watch] | |
storageclasses.extensions [] [] [get list watch] | |
thirdpartyresources.extensions [] [] [get list watch] | |
images.image.openshift.io [] [] [get list watch] | |
imagesignatures.image.openshift.io [] [] [get list watch] | |
imagestreamimages.image.openshift.io [] [] [get list watch] | |
imagestreammappings.image.openshift.io [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
imagestreams.image.openshift.io [] [] [get list watch] | |
imagestreamtags.image.openshift.io [] [] [get list watch] | |
containerruntimeconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
controllerconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
kubeletconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
machineconfigpools.machineconfiguration.openshift.io [] [] [get list watch] | |
mcoconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
pods.metrics.k8s.io [] [] [get list watch] | |
clusternetworks.network.openshift.io [] [] [get list watch] | |
egressnetworkpolicies.network.openshift.io [] [] [get list watch] | |
hostsubnets.network.openshift.io [] [] [get list watch] | |
netnamespaces.network.openshift.io [] [] [get list watch] | |
networkpolicies.networking.k8s.io [] [] [get list watch] | |
oauthclientauthorizations.oauth.openshift.io [] [] [get list watch] | |
catalogsources.operators.coreos.com [] [] [get list watch] | |
clusterserviceversions.operators.coreos.com [] [] [get list watch] | |
installplans.operators.coreos.com [] [] [get list watch] | |
operatorgroups.operators.coreos.com [] [] [get list watch] | |
subscriptions.operators.coreos.com [] [] [get list watch] | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch] | |
poddisruptionbudgets.policy/status [] [] [get list watch] | |
poddisruptionbudgets.policy [] [] [get list watch] | |
podsecuritypolicies.policy [] [] [get list watch] | |
projectrequests.project.openshift.io [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
clusterresourcequotas.quota.openshift.io/status [] [] [get list watch] | |
clusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [get list watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [get list watch] | |
roles.rbac.authorization.k8s.io [] [] [get list watch] | |
routes.route.openshift.io/status [] [] [get list watch] | |
routes.route.openshift.io [] [] [get list watch] | |
priorityclasses.scheduling.k8s.io [] [] [get list watch] | |
rangeallocations.security.openshift.io [] [] [get list watch] | |
securitycontextconstraints.security.openshift.io [] [] [get list watch] | |
podpresets.settings.k8s.io [] [] [get list watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
volumeattachments.storage.k8s.io/status [] [] [get list watch] | |
volumeattachments.storage.k8s.io [] [] [get list watch] | |
brokertemplateinstances.template.openshift.io [] [] [get list watch] | |
processedtemplates.template.openshift.io [] [] [get list watch] | |
templateconfigs.template.openshift.io [] [] [get list watch] | |
templateinstances.template.openshift.io/status [] [] [get list watch] | |
templateinstances.template.openshift.io [] [] [get list watch] | |
templates.template.openshift.io [] [] [get list watch] | |
groups.user.openshift.io [] [] [get list watch] | |
identities.user.openshift.io [] [] [get list watch] | |
useridentitymappings.user.openshift.io [] [] [get list watch] | |
users.user.openshift.io [] [] [get list watch] | |
[*] [] [get] | |
imagestreams/layers [] [] [get] | |
nodes/metrics [] [] [get] | |
nodes/spec [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
projects [] [] [list watch get] | |
projects.project.openshift.io [] [] [list watch get] | |
jenkins.build.openshift.io [] [] [view] | |
Name: cluster-samples-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusteroperators.config.openshift.io/status [] [] [*] | |
clusteroperators.config.openshift.io [] [] [*] | |
configs.samples.operator.openshift.io/status [] [] [*] | |
configs.samples.operator.openshift.io [] [] [*] | |
Name: cluster-status | |
Labels: <none> | |
Annotations: openshift.io/description: A user that can get basic cluster status information. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/.well-known/*] [] [get] | |
[/.well-known] [] [get] | |
[/] [] [get] | |
[/api/*] [] [get] | |
[/api] [] [get] | |
[/apis/*] [] [get] | |
[/apis] [] [get] | |
[/healthz/] [] [get] | |
[/healthz] [] [get] | |
[/oapi/*] [] [get] | |
[/oapi] [] [get] | |
[/openapi/v2] [] [get] | |
[/osapi/] [] [get] | |
[/osapi] [] [get] | |
[/swagger-2.0.0.pb-v1] [] [get] | |
[/swagger.json] [] [get] | |
[/swaggerapi/*] [] [get] | |
[/swaggerapi] [] [get] | |
[/version/*] [] [get] | |
[/version] [] [get] | |
Name: cluster-storage-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusteroperators.config.openshift.io [] [] [get list watch create] | |
infrastructures.config.openshift.io [] [] [get list watch] | |
storageclasses.storage.k8s.io [] [] [get watch list create delete patch update] | |
clusteroperators.config.openshift.io/status [] [] [update] | |
Name: console-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
oauthclients.oauth.openshift.io [] [console] [get list update watch] | |
clusteroperators.config.openshift.io/status [] [] [get list watch create update delete] | |
clusteroperators.config.openshift.io [] [] [get list watch create update delete] | |
consoles.config.openshift.io/status [] [] [get list watch create update delete] | |
consoles.config.openshift.io [] [] [get list watch create update delete] | |
consoles.operator.openshift.io/status [] [] [get list watch create update delete] | |
consoles.operator.openshift.io [] [] [get list watch create update delete] | |
infrastructures.config.openshift.io [] [] [get list watch] | |
Name: dns-monitoring | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
dnses.operator.openshift.io [] [] [get] | |
Name: edit | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
rbac.authorization.k8s.io/aggregate-to-admin=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreams [] [] [create delete deletecollection get list patch update watch create get list watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch create get list watch] | |
secrets [] [] [create delete deletecollection get list patch update watch get list watch create delete deletecollection patch update] | |
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildlogs [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch get list watch] | |
processedtemplates [] [] [create delete deletecollection get list patch update watch get list watch] | |
routes [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateconfigs [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateinstances [] [] [create delete deletecollection get list patch update watch get list watch] | |
templates [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch get list watch] | |
serviceaccounts [] [] [create delete deletecollection get list patch update watch impersonate create delete deletecollection patch update get list watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.extensions [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch] | |
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update create delete deletecollection get list patch update watch get list watch] | |
configmaps [] [] [create delete deletecollection patch update get list watch] | |
endpoints [] [] [create delete deletecollection patch update get list watch] | |
persistentvolumeclaims [] [] [create delete deletecollection patch update get list watch] | |
pods [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers/scale [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers [] [] [create delete deletecollection patch update get list watch] | |
services [] [] [create delete deletecollection patch update get list watch] | |
daemonsets.apps [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps [] [] [create delete deletecollection patch update get list watch] | |
replicasets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
replicasets.apps [] [] [create delete deletecollection patch update get list watch] | |
statefulsets.apps/scale [] [] [create delete deletecollection patch update get list watch] | |
statefulsets.apps [] [] [create delete deletecollection patch update get list watch] | |
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update get list watch] | |
cronjobs.batch [] [] [create delete deletecollection patch update get list watch] | |
jobs.batch [] [] [create delete deletecollection patch update get list watch] | |
daemonsets.extensions [] [] [create delete deletecollection patch update get list watch] | |
deployments.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
deployments.extensions [] [] [create delete deletecollection patch update get list watch] | |
ingresses.extensions [] [] [create delete deletecollection patch update get list watch] | |
replicasets.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
replicasets.extensions [] [] [create delete deletecollection patch update get list watch] | |
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update get list watch] | |
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update get list watch] | |
deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
subscriptions.operators.coreos.com [] [] [create update patch delete delete get list watch] | |
buildconfigs/instantiate [] [] [create] | |
buildconfigs/instantiatebinary [] [] [create] | |
builds/clone [] [] [create] | |
deploymentconfigrollbacks [] [] [create] | |
deploymentconfigs/instantiate [] [] [create] | |
deploymentconfigs/rollback [] [] [create] | |
imagestreamimports [] [] [create] | |
routes/custom-host [] [] [create] | |
deploymentconfigrollbacks.apps.openshift.io [] [] [create] | |
deploymentconfigs.apps.openshift.io/instantiate [] [] [create] | |
deploymentconfigs.apps.openshift.io/rollback [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
buildconfigs.build.openshift.io/instantiatebinary [] [] [create] | |
builds.build.openshift.io/clone [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
routes.route.openshift.io/custom-host [] [] [create] | |
catalogsources.operators.coreos.com [] [] [delete get list watch] | |
clusterserviceversions.operators.coreos.com [] [] [delete get list watch] | |
installplans.operators.coreos.com [] [] [delete get list watch] | |
jenkins.build.openshift.io [] [] [edit view view] | |
builds [] [] [get create delete deletecollection get list patch update watch get list watch] | |
builds.build.openshift.io [] [] [get create delete deletecollection get list patch update watch get list watch] | |
namespaces [] [] [get get list watch] | |
pods/attach [] [] [get list watch create delete deletecollection patch update] | |
pods/exec [] [] [get list watch create delete deletecollection patch update] | |
pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
services/proxy [] [] [get list watch create delete deletecollection patch update] | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch create update patch delete] | |
appliedclusterresourcequotas [] [] [get list watch] | |
bindings [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
events [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
limitranges [] [] [get list watch] | |
namespaces/status [] [] [get list watch] | |
pods/log [] [] [get list watch] | |
pods/status [] [] [get list watch] | |
replicationcontrollers/status [] [] [get list watch] | |
resourcequotas/status [] [] [get list watch] | |
resourcequotas [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
routes/status [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
controllerrevisions.apps [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
pods.metrics.k8s.io [] [] [get list watch] | |
operatorgroups.operators.coreos.com [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
routes.route.openshift.io/status [] [] [get list watch] | |
imagestreams/layers [] [] [get update get] | |
imagestreams.image.openshift.io/layers [] [] [get update get] | |
projects [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
builds/details [] [] [update] | |
builds.build.openshift.io/details [] [] [update] | |
Name: global-operators-admin | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: global-operators-edit | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: global-operators-view | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: grafana | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: kube-apiserver | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/proxy [] [] [get create] | |
Name: kube-state-metrics | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
configmaps [] [] [list watch] | |
endpoints [] [] [list watch] | |
limitranges [] [] [list watch] | |
namespaces [] [] [list watch] | |
nodes [] [] [list watch] | |
persistentvolumeclaims [] [] [list watch] | |
persistentvolumes [] [] [list watch] | |
pods [] [] [list watch] | |
replicationcontrollers [] [] [list watch] | |
resourcequotas [] [] [list watch] | |
secrets [] [] [list watch] | |
services [] [] [list watch] | |
daemonsets.apps [] [] [list watch] | |
deployments.apps [] [] [list watch] | |
replicasets.apps [] [] [list watch] | |
statefulsets.apps [] [] [list watch] | |
horizontalpodautoscalers.autoscaling [] [] [list watch] | |
cronjobs.batch [] [] [list watch] | |
jobs.batch [] [] [list watch] | |
daemonsets.extensions [] [] [list watch] | |
deployments.extensions [] [] [list watch] | |
replicasets.extensions [] [] [list watch] | |
poddisruptionbudgets.policy [] [] [list watch] | |
Name: machine-api-manager | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.cluster.k8s.io [] [] [*] | |
*.healthchecking.openshift.io [] [] [*] | |
*.machine.openshift.io [] [] [*] | |
clusteroperators.config.openshift.io/status [] [] [create get update] | |
clusteroperators.config.openshift.io [] [] [create get update] | |
events [] [] [create watch list patch] | |
pods/eviction [] [] [create] | |
configmaps [] [] [get list watch create update patch delete] | |
nodes [] [] [get list watch create update patch delete] | |
deployments.apps [] [] [get list watch create update patch delete] | |
secrets [] [] [get list watch create] | |
baremetalhosts.metal3.io [] [] [get list watch update patch] | |
baremetalhosts.metalkube.org [] [] [get list watch update patch] | |
pods [] [] [get list watch] | |
featuregates.config.openshift.io/status [] [] [get list watch] | |
featuregates.config.openshift.io [] [] [get list watch] | |
daemonsets.extensions [] [] [get list watch] | |
infrastructures.config.openshift.io/status [] [] [get] | |
infrastructures.config.openshift.io [] [] [get] | |
Name: machine-config-controller | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [*] | |
secrets [] [] [*] | |
clusterversions.config.openshift.io [] [] [*] | |
featuregates.config.openshift.io [] [] [*] | |
images.config.openshift.io [] [] [*] | |
*.machineconfiguration.openshift.io [] [] [*] | |
nodes [] [] [get list watch patch] | |
Name: machine-config-daemon | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [*] | |
machineconfigs.machineconfiguration.openshift.io [] [] [*] | |
pods/eviction [] [] [create] | |
nodes [] [] [get list watch patch update] | |
daemonsets.extensions [] [] [get] | |
Name: machine-config-daemon-events | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch] | |
Name: machine-config-server | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
machineconfigpools.machineconfiguration.openshift.io [] [] [*] | |
machineconfigs.machineconfiguration.openshift.io [] [] [*] | |
Name: manager-role | |
Labels: <none> | |
Annotations: operator-sdk/primary-resource: mig/migration-controller | |
operator-sdk/primary-resource-type: MigrationController.migration.openshift.io | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
namespaces [] [] [get list watch create update patch delete] | |
persistentvolumeclaims [] [] [get list watch create update patch delete] | |
persistentvolumes [] [] [get list watch create update patch delete] | |
pods [] [] [get list watch create update patch delete] | |
secrets [] [] [get list watch create update patch delete] | |
services [] [] [get list watch create update patch delete] | |
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch create update patch delete] | |
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch create update patch delete] | |
*.apps.openshift.io [] [] [get list watch create update patch delete] | |
clusters.clusterregistry.k8s.io [] [] [get list watch create update patch delete] | |
*.image.openshift.io [] [] [get list watch create update patch delete] | |
migclusters.migration.openshift.io [] [] [get list watch create update patch delete] | |
migmigrations.migration.openshift.io [] [] [get list watch create update patch delete] | |
migplans.migration.openshift.io [] [] [get list watch create update patch delete] | |
migstages.migration.openshift.io [] [] [get list watch create update patch delete] | |
migstorages.migration.openshift.io [] [] [get list watch create update patch delete] | |
*.velero.io [] [] [get list watch create update patch delete] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
namespaces/status [] [] [get update patch] | |
persistentvolumeclaims/status [] [] [get update patch] | |
persistentvolumes/status [] [] [get update patch] | |
pods/status [] [] [get update patch] | |
clusters.clusterregistry.k8s.io/status [] [] [get update patch] | |
migclusters.migration.openshift.io/status [] [] [get update patch] | |
migmigrations.migration.openshift.io/status [] [] [get update patch] | |
migplans.migration.openshift.io/status [] [] [get update patch] | |
migstages.migration.openshift.io/status [] [] [get update patch] | |
migstorages.migration.openshift.io/status [] [] [get update patch] | |
Name: marketplace-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusteroperators.config.openshift.io/status [] [] [create get update] | |
clusteroperators.config.openshift.io [] [] [create get update] | |
catalogsources.operators.coreos.com [] [] [get create delete update list] | |
Name: multus | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
pods/status [] [] [get list watch patch update] | |
pods [] [] [get list watch patch update] | |
namespaces [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch] | |
*.k8s.cni.cncf.io [] [] [get list watch] | |
Name: node-exporter | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
securitycontextconstraints.security.openshift.io [] [node-exporter] [use] | |
Name: olm-operators-admin | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [*] | |
Name: olm-operators-edit | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [create update patch delete] | |
Name: olm-operators-view | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch] | |
Name: openshift-cluster-monitoring-admin | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: openshift-cluster-monitoring-edit | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: openshift-cluster-monitoring-view | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
Name: openshift-dns | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
endpoints [] [] [list watch] | |
namespaces [] [] [list watch] | |
pods [] [] [list watch] | |
services [] [] [list watch] | |
Name: openshift-dns-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [*] | |
endpoints [] [] [*] | |
namespaces [] [] [*] | |
pods [] [] [*] | |
serviceaccounts [] [] [*] | |
services [] [] [*] | |
daemonsets.apps [] [] [*] | |
daemonsets.extensions [] [] [*] | |
dnses.operator.openshift.io [] [] [*] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [create get list watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [create get list watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch] | |
roles.rbac.authorization.k8s.io [] [] [create get list watch] | |
clusteroperators.config.openshift.io [] [] [create get] | |
networks.config.openshift.io [] [] [create get] | |
servicemonitors.monitoring.coreos.com [] [] [create get] | |
clusteroperators.config.openshift.io/status [] [] [update] | |
dnses.operator.openshift.io/status [] [] [update] | |
Name: openshift-ingress-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [*] | |
endpoints [] [] [*] | |
namespaces [] [] [*] | |
pods [] [] [*] | |
secrets [] [] [*] | |
serviceaccounts [] [] [*] | |
services [] [] [*] | |
deployments.apps [] [] [*] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [create get list watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [create get list watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch] | |
roles.rbac.authorization.k8s.io [] [] [create get list watch] | |
clusteroperators.config.openshift.io [] [] [create get] | |
servicemonitors.monitoring.coreos.com [] [] [create get] | |
events [] [] [create] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
dnses.config.openshift.io [] [] [get] | |
infrastructures.config.openshift.io [] [] [get] | |
ingresses.config.openshift.io [] [] [get] | |
routers.route.openshift.io/metrics [] [] [get] | |
ingresscontrollers.operator.openshift.io [] [] [list watch] | |
routes.route.openshift.io [] [] [list watch] | |
clusteroperators.config.openshift.io/status [] [] [update] | |
ingresscontrollers.operator.openshift.io/status [] [] [update] | |
routes.route.openshift.io/status [] [] [update] | |
securitycontextconstraints.security.openshift.io [] [hostnetwork] [use] | |
Name: openshift-ingress-router | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
endpoints [] [] [list watch] | |
namespaces [] [] [list watch] | |
services [] [] [list watch] | |
routes.route.openshift.io [] [] [list watch] | |
routes.route.openshift.io/status [] [] [update] | |
securitycontextconstraints.security.openshift.io [] [hostnetwork] [use] | |
Name: openshift-sdn | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
endpoints [] [] [get list watch] | |
namespaces [] [] [get list watch] | |
nodes [] [] [get list watch] | |
pods [] [] [get list watch] | |
services [] [] [get list watch] | |
networkpolicies.extensions [] [] [get list watch] | |
clusternetworks.network.openshift.io [] [] [get list watch] | |
egressnetworkpolicies.network.openshift.io [] [] [get list watch] | |
hostsubnets.network.openshift.io [] [] [get list watch] | |
netnamespaces.network.openshift.io [] [] [get list watch] | |
networkpolicies.networking.k8s.io [] [] [get list watch] | |
Name: openshift-sdn-controller | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
clusternetworks.network.openshift.io [] [] [get list watch create update patch] | |
egressnetworkpolicies.network.openshift.io [] [] [get list watch create update patch] | |
hostsubnets.network.openshift.io [] [] [get list watch create update patch] | |
netnamespaces.network.openshift.io [] [] [get list watch create update patch] | |
namespaces [] [] [list get watch] | |
nodes [] [] [list get watch] | |
Name: packagemanifests-v1-admin | |
Labels: olm.opgroup.permissions/aggregate-to-admin=olm-operators | |
rbac.authorization.k8s.io/aggregate-to-admin=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [*] | |
Name: packagemanifests-v1-edit | |
Labels: olm.opgroup.permissions/aggregate-to-edit=olm-operators | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [create update patch delete] | |
Name: packagemanifests-v1-view | |
Labels: olm.opgroup.permissions/aggregate-to-view=olm-operators | |
rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch] | |
Name: packageserver.v0.9.0-cp7hq | |
Labels: olm.owner=packageserver.v0.9.0 | |
olm.owner.kind=ClusterServiceVersion | |
olm.owner.namespace=openshift-operator-lifecycle-manager | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
subjectaccessreviews.authorization.k8s.io [] [] [create get] | |
configmaps [] [] [get list watch] | |
catalogsources.operators.coreos.com [] [] [get list watch] | |
packagemanifests.packages.operators.coreos.com [] [] [get list] | |
Name: prometheus-adapter | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
namespaces [] [] [get list watch] | |
nodes [] [] [get list watch] | |
pods [] [] [get list watch] | |
services [] [] [get list watch] | |
Name: prometheus-k8s | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
[/metrics] [] [get] | |
namespaces [] [] [get] | |
nodes/metrics [] [] [get] | |
Name: prometheus-operator | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [*] | |
secrets [] [] [*] | |
customresourcedefinitions.apiextensions.k8s.io [] [] [*] | |
statefulsets.apps [] [] [*] | |
alertmanagers.monitoring.coreos.com/finalizers [] [] [*] | |
alertmanagers.monitoring.coreos.com [] [] [*] | |
prometheuses.monitoring.coreos.com/finalizers [] [] [*] | |
prometheuses.monitoring.coreos.com [] [] [*] | |
prometheusrules.monitoring.coreos.com [] [] [*] | |
servicemonitors.monitoring.coreos.com [] [] [*] | |
endpoints [] [] [get create update delete] | |
services/finalizers [] [] [get create update delete] | |
services [] [] [get create update delete] | |
namespaces [] [] [get list watch] | |
pods [] [] [list delete] | |
nodes [] [] [list watch] | |
Name: registry-admin | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch] | |
rolebindings [] [] [create delete deletecollection get list patch update watch] | |
roles [] [] [create delete deletecollection get list patch update watch] | |
secrets [] [] [create delete deletecollection get list patch update watch] | |
serviceaccounts [] [] [create delete deletecollection get list patch update watch] | |
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimports [] [] [create] | |
localresourceaccessreviews [] [] [create] | |
localsubjectaccessreviews [] [] [create] | |
resourceaccessreviews [] [] [create] | |
subjectaccessreviews [] [] [create] | |
subjectrulesreviews [] [] [create] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
localresourceaccessreviews.authorization.openshift.io [] [] [create] | |
localsubjectaccessreviews.authorization.openshift.io [] [] [create] | |
resourceaccessreviews.authorization.openshift.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
subjectrulesreviews.authorization.openshift.io [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
projects [] [] [delete get] | |
projects.project.openshift.io [] [] [delete get] | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
namespaces [] [] [get] | |
Name: registry-editor | |
Labels: rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch] | |
secrets [] [] [create delete deletecollection get list patch update watch] | |
serviceaccounts [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimports [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
namespaces [] [] [get] | |
projects [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
Name: registry-monitoring | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
registry.image.openshift.io/metrics [] [] [get] | |
Name: registry-viewer | |
Labels: rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreamimages [] [] [get list watch] | |
imagestreammappings [] [] [get list watch] | |
imagestreams [] [] [get list watch] | |
imagestreamtags [] [] [get list watch] | |
imagestreamimages.image.openshift.io [] [] [get list watch] | |
imagestreammappings.image.openshift.io [] [] [get list watch] | |
imagestreams.image.openshift.io [] [] [get list watch] | |
imagestreamtags.image.openshift.io [] [] [get list watch] | |
imagestreams/layers [] [] [get] | |
namespaces [] [] [get] | |
projects [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
Name: resource-metrics-server-resources | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.metrics.k8s.io [] [] [*] | |
Name: router-monitoring | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
routers.route.openshift.io/metrics [] [] [get] | |
Name: self-access-reviewer | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
selfsubjectrulesreviews [] [] [create] | |
selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectrulesreviews.authorization.openshift.io [] [] [create] | |
Name: self-provisioner | |
Labels: <none> | |
Annotations: openshift.io/description: A user that can request projects. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
projectrequests [] [] [create] | |
projectrequests.project.openshift.io [] [] [create] | |
Name: storage-admin | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumes [] [] [create delete deletecollection get list patch update watch] | |
storageclasses.storage.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
events [] [] [get list watch] | |
persistentvolumeclaims [] [] [get list watch] | |
Name: sudoer | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
groups [] [system:masters] [impersonate] | |
systemgroups [] [system:masters] [impersonate] | |
systemusers [] [system:admin] [impersonate] | |
users [] [system:admin] [impersonate] | |
groups.user.openshift.io [] [system:masters] [impersonate] | |
systemgroups.user.openshift.io [] [system:masters] [impersonate] | |
systemusers.user.openshift.io [] [system:admin] [impersonate] | |
users.user.openshift.io [] [system:admin] [impersonate] | |
Name: system:aggregate-to-admin | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
rbac.authorization.k8s.io/aggregate-to-admin=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
rolebindings.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
roles.rbac.authorization.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: system:aggregate-to-edit | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [create delete deletecollection patch update] | |
endpoints [] [] [create delete deletecollection patch update] | |
persistentvolumeclaims [] [] [create delete deletecollection patch update] | |
pods [] [] [create delete deletecollection patch update] | |
replicationcontrollers/scale [] [] [create delete deletecollection patch update] | |
replicationcontrollers [] [] [create delete deletecollection patch update] | |
services [] [] [create delete deletecollection patch update] | |
daemonsets.apps [] [] [create delete deletecollection patch update] | |
deployments.apps/rollback [] [] [create delete deletecollection patch update] | |
deployments.apps/scale [] [] [create delete deletecollection patch update] | |
deployments.apps [] [] [create delete deletecollection patch update] | |
replicasets.apps/scale [] [] [create delete deletecollection patch update] | |
replicasets.apps [] [] [create delete deletecollection patch update] | |
statefulsets.apps/scale [] [] [create delete deletecollection patch update] | |
statefulsets.apps [] [] [create delete deletecollection patch update] | |
horizontalpodautoscalers.autoscaling [] [] [create delete deletecollection patch update] | |
cronjobs.batch [] [] [create delete deletecollection patch update] | |
jobs.batch [] [] [create delete deletecollection patch update] | |
daemonsets.extensions [] [] [create delete deletecollection patch update] | |
deployments.extensions/rollback [] [] [create delete deletecollection patch update] | |
deployments.extensions/scale [] [] [create delete deletecollection patch update] | |
deployments.extensions [] [] [create delete deletecollection patch update] | |
ingresses.extensions [] [] [create delete deletecollection patch update] | |
networkpolicies.extensions [] [] [create delete deletecollection patch update] | |
replicasets.extensions/scale [] [] [create delete deletecollection patch update] | |
replicasets.extensions [] [] [create delete deletecollection patch update] | |
replicationcontrollers.extensions/scale [] [] [create delete deletecollection patch update] | |
networkpolicies.networking.k8s.io [] [] [create delete deletecollection patch update] | |
poddisruptionbudgets.policy [] [] [create delete deletecollection patch update] | |
pods/attach [] [] [get list watch create delete deletecollection patch update] | |
pods/exec [] [] [get list watch create delete deletecollection patch update] | |
pods/portforward [] [] [get list watch create delete deletecollection patch update] | |
pods/proxy [] [] [get list watch create delete deletecollection patch update] | |
secrets [] [] [get list watch create delete deletecollection patch update] | |
services/proxy [] [] [get list watch create delete deletecollection patch update] | |
serviceaccounts [] [] [impersonate create delete deletecollection patch update] | |
Name: system:aggregate-to-view | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
bindings [] [] [get list watch] | |
configmaps [] [] [get list watch] | |
endpoints [] [] [get list watch] | |
events [] [] [get list watch] | |
limitranges [] [] [get list watch] | |
namespaces/status [] [] [get list watch] | |
namespaces [] [] [get list watch] | |
persistentvolumeclaims [] [] [get list watch] | |
pods/log [] [] [get list watch] | |
pods/status [] [] [get list watch] | |
pods [] [] [get list watch] | |
replicationcontrollers/scale [] [] [get list watch] | |
replicationcontrollers/status [] [] [get list watch] | |
replicationcontrollers [] [] [get list watch] | |
resourcequotas/status [] [] [get list watch] | |
resourcequotas [] [] [get list watch] | |
serviceaccounts [] [] [get list watch] | |
services [] [] [get list watch] | |
controllerrevisions.apps [] [] [get list watch] | |
daemonsets.apps [] [] [get list watch] | |
deployments.apps/scale [] [] [get list watch] | |
deployments.apps [] [] [get list watch] | |
replicasets.apps/scale [] [] [get list watch] | |
replicasets.apps [] [] [get list watch] | |
statefulsets.apps/scale [] [] [get list watch] | |
statefulsets.apps [] [] [get list watch] | |
horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
cronjobs.batch [] [] [get list watch] | |
jobs.batch [] [] [get list watch] | |
daemonsets.extensions [] [] [get list watch] | |
deployments.extensions/scale [] [] [get list watch] | |
deployments.extensions [] [] [get list watch] | |
ingresses.extensions [] [] [get list watch] | |
networkpolicies.extensions [] [] [get list watch] | |
replicasets.extensions/scale [] [] [get list watch] | |
replicasets.extensions [] [] [get list watch] | |
replicationcontrollers.extensions/scale [] [] [get list watch] | |
networkpolicies.networking.k8s.io [] [] [get list watch] | |
poddisruptionbudgets.policy [] [] [get list watch] | |
Name: system:aggregated-metrics-reader | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods.metrics.k8s.io [] [] [get list watch] | |
Name: system:auth-delegator | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: system:aws-cloud-provider | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [get patch] | |
Name: system:basic-user | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectrulesreviews.authorization.k8s.io [] [] [create] | |
Name: system:build-strategy-custom | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
builds/custom [] [] [create] | |
builds.build.openshift.io/custom [] [] [create] | |
Name: system:build-strategy-docker | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
builds/docker [] [] [create] | |
builds/optimizeddocker [] [] [create] | |
builds.build.openshift.io/docker [] [] [create] | |
builds.build.openshift.io/optimizeddocker [] [] [create] | |
Name: system:build-strategy-jenkinspipeline | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
builds/jenkinspipeline [] [] [create] | |
builds.build.openshift.io/jenkinspipeline [] [] [create] | |
Name: system:build-strategy-source | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
builds/source [] [] [create] | |
builds.build.openshift.io/source [] [] [create] | |
Name: system:certificates.k8s.io:certificatesigningrequests:nodeclient | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
certificatesigningrequests.certificates.k8s.io/nodeclient [] [] [create] | |
Name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
certificatesigningrequests.certificates.k8s.io/selfnodeclient [] [] [create] | |
Name: system:controller:attachdetach-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
volumeattachments.storage.k8s.io [] [] [create delete get list watch] | |
events [] [] [create patch update] | |
nodes [] [] [get list watch] | |
persistentvolumeclaims [] [] [list watch] | |
persistentvolumes [] [] [list watch] | |
pods [] [] [list watch] | |
nodes/status [] [] [patch update] | |
Name: system:controller:certificate-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
certificatesigningrequests.certificates.k8s.io [] [] [delete get list watch] | |
certificatesigningrequests.certificates.k8s.io/approval [] [] [update] | |
certificatesigningrequests.certificates.k8s.io/status [] [] [update] | |
Name: system:controller:clusterrole-aggregation-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.* [] [] [*] | |
[*] [] [*] | |
Name: system:controller:cronjob-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
jobs.batch [] [] [create delete get list patch update watch] | |
events [] [] [create patch update] | |
pods [] [] [delete list] | |
cronjobs.batch [] [] [get list update watch] | |
cronjobs.batch/finalizers [] [] [update] | |
cronjobs.batch/status [] [] [update] | |
Name: system:controller:daemon-set-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
controllerrevisions.apps [] [] [create delete get list patch update watch] | |
pods [] [] [create delete list patch watch] | |
events [] [] [create patch update] | |
pods/binding [] [] [create] | |
daemonsets.apps [] [] [get list watch] | |
daemonsets.extensions [] [] [get list watch] | |
nodes [] [] [list watch] | |
daemonsets.apps/finalizers [] [] [update] | |
daemonsets.apps/status [] [] [update] | |
daemonsets.extensions/finalizers [] [] [update] | |
daemonsets.extensions/status [] [] [update] | |
Name: system:controller:deployment-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
replicasets.apps [] [] [create delete get list patch update watch] | |
replicasets.extensions [] [] [create delete get list patch update watch] | |
events [] [] [create patch update] | |
pods [] [] [get list update watch] | |
deployments.apps [] [] [get list update watch] | |
deployments.extensions [] [] [get list update watch] | |
deployments.apps/finalizers [] [] [update] | |
deployments.apps/status [] [] [update] | |
deployments.extensions/finalizers [] [] [update] | |
deployments.extensions/status [] [] [update] | |
Name: system:controller:disruption-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
replicationcontrollers [] [] [get list watch] | |
deployments.apps [] [] [get list watch] | |
replicasets.apps [] [] [get list watch] | |
statefulsets.apps [] [] [get list watch] | |
deployments.extensions [] [] [get list watch] | |
replicasets.extensions [] [] [get list watch] | |
poddisruptionbudgets.policy [] [] [get list watch] | |
poddisruptionbudgets.policy/status [] [] [update] | |
Name: system:controller:endpoint-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
endpoints [] [] [create delete get list update] | |
events [] [] [create patch update] | |
endpoints/restricted [] [] [create] | |
pods [] [] [get list watch] | |
services [] [] [get list watch] | |
Name: system:controller:expand-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
persistentvolumes [] [] [get list patch update watch] | |
persistentvolumeclaims [] [] [get list watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
endpoints [] [] [get] | |
secrets [] [] [get] | |
services [] [] [get] | |
persistentvolumeclaims/status [] [] [patch update] | |
Name: system:controller:generic-garbage-collector | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
*.* [] [] [delete get list patch update watch] | |
Name: system:controller:horizontal-pod-autoscaler | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
*.custom.metrics.k8s.io [] [] [get list] | |
*.*/scale [] [] [get update] | |
services/proxy [] [http:heapster:] [get] | |
services/proxy [] [https:heapster:] [get] | |
pods [] [] [list] | |
pods.metrics.k8s.io [] [] [list] | |
horizontalpodautoscalers.autoscaling/status [] [] [update] | |
Name: system:controller:job-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create delete list patch watch] | |
events [] [] [create patch update] | |
jobs.batch [] [] [get list update watch] | |
jobs.batch/finalizers [] [] [update] | |
jobs.batch/status [] [] [update] | |
Name: system:controller:namespace-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.* [] [] [delete deletecollection get list] | |
namespaces [] [] [delete get list watch] | |
namespaces/finalize [] [] [update] | |
namespaces/status [] [] [update] | |
Name: system:controller:node-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [delete get list patch update] | |
pods [] [] [delete list] | |
nodes/status [] [] [patch update] | |
pods/status [] [] [update] | |
Name: system:controller:operator-lifecycle-manager | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.* [] [] [*] | |
[*] [] [*] | |
Name: system:controller:persistent-volume-binder | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumes [] [] [create delete get list update watch] | |
pods [] [] [create delete get list watch] | |
endpoints [] [] [create delete get] | |
services [] [] [create delete get] | |
persistentvolumeclaims [] [] [get list update watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
nodes [] [] [get list] | |
secrets [] [] [get] | |
persistentvolumeclaims/status [] [] [update] | |
persistentvolumes/status [] [] [update] | |
events [] [] [watch create patch update] | |
Name: system:controller:pod-garbage-collector | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [delete list watch] | |
nodes [] [] [list] | |
Name: system:controller:pv-protection-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
persistentvolumes [] [] [get list update watch] | |
Name: system:controller:pvc-protection-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
persistentvolumeclaims [] [] [get list update watch] | |
pods [] [] [get list watch] | |
Name: system:controller:replicaset-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create delete list patch watch] | |
events [] [] [create patch update] | |
replicasets.apps [] [] [get list update watch] | |
replicasets.extensions [] [] [get list update watch] | |
replicasets.apps/finalizers [] [] [update] | |
replicasets.apps/status [] [] [update] | |
replicasets.extensions/finalizers [] [] [update] | |
replicasets.extensions/status [] [] [update] | |
Name: system:controller:replication-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create delete list patch watch] | |
events [] [] [create patch update] | |
replicationcontrollers [] [] [get list update watch] | |
replicationcontrollers/finalizers [] [] [update] | |
replicationcontrollers/status [] [] [update] | |
Name: system:controller:resourcequota-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
*.* [] [] [list watch] | |
resourcequotas/status [] [] [update] | |
Name: system:controller:route-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [list watch] | |
nodes/status [] [] [patch] | |
Name: system:controller:service-account-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
serviceaccounts [] [] [create] | |
Name: system:controller:service-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
services [] [] [get list watch] | |
nodes [] [] [list watch] | |
services/status [] [] [update] | |
Name: system:controller:statefulset-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
controllerrevisions.apps [] [] [create delete get list patch update watch] | |
persistentvolumeclaims [] [] [create get] | |
events [] [] [create patch update] | |
statefulsets.apps [] [] [get list watch] | |
pods [] [] [list watch create delete get patch update] | |
statefulsets.apps/finalizers [] [] [update] | |
statefulsets.apps/status [] [] [update] | |
Name: system:controller:ttl-controller | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [list patch update watch] | |
Name: system:csi-external-attacher | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create get list patch update watch] | |
persistentvolumes [] [] [get list patch update watch] | |
volumeattachments.storage.k8s.io [] [] [get list patch update watch] | |
nodes [] [] [get list watch] | |
Name: system:csi-external-provisioner | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumes [] [] [create delete get list watch] | |
events [] [] [create get list patch update watch] | |
persistentvolumeclaims [] [] [get list patch update watch] | |
nodes [] [] [get list watch] | |
storageclasses.storage.k8s.io [] [] [list watch] | |
Name: system:deployer | |
Labels: <none> | |
Annotations: openshift.io/description: Grants the right to deploy within a project. Used primarily with service accounts for automated deployments. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create get list watch] | |
events [] [] [create list] | |
imagestreamtags [] [] [create update] | |
imagestreamtags.image.openshift.io [] [] [create update] | |
replicationcontrollers [] [] [delete get list update watch] | |
replicationcontrollers/scale [] [] [get update] | |
pods/log [] [] [get] | |
Name: system:discovery | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/api/*] [] [get] | |
[/api] [] [get] | |
[/apis/*] [] [get] | |
[/apis] [] [get] | |
[/healthz] [] [get] | |
[/openapi/*] [] [get] | |
[/openapi] [] [get] | |
[/swagger-2.0.0.pb-v1] [] [get] | |
[/swagger.json] [] [get] | |
[/swaggerapi/*] [] [get] | |
[/swaggerapi] [] [get] | |
[/version/] [] [get] | |
[/version] [] [get] | |
Name: system:heapster | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [get list watch] | |
namespaces [] [] [get list watch] | |
nodes [] [] [get list watch] | |
pods [] [] [get list watch] | |
deployments.extensions [] [] [get list watch] | |
Name: system:image-auditor | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
images [] [] [get list patch update watch] | |
images.image.openshift.io [] [] [get list patch update watch] | |
Name: system:image-builder | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: openshift.io/description: | |
Grants the right to build, push and pull images from within a project. Used primarily with service accounts for builds. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreams [] [] [create] | |
imagestreams.image.openshift.io [] [] [create] | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
builds [] [] [get] | |
builds.build.openshift.io [] [] [get] | |
builds/details [] [] [update] | |
builds.build.openshift.io/details [] [] [update] | |
Name: system:image-pruner | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
images [] [] [delete get list watch] | |
images.image.openshift.io [] [] [delete get list watch] | |
imagestreams [] [] [get list watch] | |
imagestreams.image.openshift.io [] [] [get list watch] | |
buildconfigs [] [] [get list] | |
builds [] [] [get list] | |
deploymentconfigs [] [] [get list] | |
pods [] [] [get list] | |
replicationcontrollers [] [] [get list] | |
deploymentconfigs.apps.openshift.io [] [] [get list] | |
daemonsets.apps [] [] [get list] | |
deployments.apps [] [] [get list] | |
replicasets.apps [] [] [get list] | |
buildconfigs.build.openshift.io [] [] [get list] | |
builds.build.openshift.io [] [] [get list] | |
daemonsets.extensions [] [] [get list] | |
deployments.extensions [] [] [get list] | |
replicasets.extensions [] [] [get list] | |
limitranges [] [] [list] | |
imagestreams/status [] [] [update] | |
imagestreams.image.openshift.io/status [] [] [update] | |
Name: system:image-puller | |
Labels: <none> | |
Annotations: openshift.io/description: Grants the right to pull images from within a project. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreams/layers [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
Name: system:image-pusher | |
Labels: <none> | |
Annotations: openshift.io/description: Grants the right to push and pull images from within a project. | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
Name: system:image-signer | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagesignatures [] [] [create delete] | |
imagesignatures.image.openshift.io [] [] [create delete] | |
images [] [] [get] | |
imagestreams/layers [] [] [get] | |
images.image.openshift.io [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
Name: system:kube-aggregator | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
endpoints [] [] [get list watch] | |
services [] [] [get list watch] | |
Name: system:kube-controller-manager | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
secrets [] [] [create delete get update] | |
endpoints [] [] [create get update] | |
serviceaccounts [] [] [create get update] | |
events [] [] [create patch update] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
configmaps [] [] [get] | |
namespaces [] [] [get] | |
*.* [] [] [list watch] | |
Name: system:kube-dns | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
endpoints [] [] [list watch] | |
services [] [] [list watch] | |
Name: system:kube-scheduler | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
bindings [] [] [create] | |
endpoints [] [] [create] | |
pods/binding [] [] [create] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
pods [] [] [delete get list watch] | |
endpoints [] [kube-scheduler] [delete get patch update] | |
nodes [] [] [get list watch] | |
persistentvolumeclaims [] [] [get list watch] | |
persistentvolumes [] [] [get list watch] | |
replicationcontrollers [] [] [get list watch] | |
services [] [] [get list watch] | |
replicasets.apps [] [] [get list watch] | |
statefulsets.apps [] [] [get list watch] | |
replicasets.extensions [] [] [get list watch] | |
poddisruptionbudgets.policy [] [] [get list watch] | |
pods/status [] [] [patch update] | |
Name: system:kubelet-api-admin | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/log [] [] [*] | |
nodes/metrics [] [] [*] | |
nodes/proxy [] [] [*] | |
nodes/spec [] [] [*] | |
nodes/stats [] [] [*] | |
nodes [] [] [get list watch proxy] | |
Name: system:master | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
*.* [] [] [*] | |
[*] [] [*] | |
Name: system:node | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes [] [] [create get list watch patch update] | |
certificatesigningrequests.certificates.k8s.io [] [] [create get list watch] | |
events [] [] [create patch update] | |
pods/eviction [] [] [create] | |
serviceaccounts/token [] [] [create] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
pods [] [] [get list watch create delete] | |
configmaps [] [] [get list watch] | |
secrets [] [] [get list watch] | |
services [] [] [get list watch] | |
persistentvolumeclaims/status [] [] [get patch update] | |
endpoints [] [] [get] | |
persistentvolumeclaims [] [] [get] | |
persistentvolumes [] [] [get] | |
volumeattachments.storage.k8s.io [] [] [get] | |
nodes/status [] [] [patch update] | |
pods/status [] [] [patch update] | |
Name: system:node-admin | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/log [] [] [*] | |
nodes/metrics [] [] [*] | |
nodes/proxy [] [] [*] | |
nodes/spec [] [] [*] | |
nodes/stats [] [] [*] | |
nodes [] [] [get list watch proxy] | |
Name: system:node-bootstrapper | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
certificatesigningrequests.certificates.k8s.io [] [] [create get list watch] | |
Name: system:node-problem-detector | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [get] | |
nodes/status [] [] [patch] | |
Name: system:node-proxier | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
nodes [] [] [get] | |
endpoints [] [] [list watch] | |
services [] [] [list watch] | |
Name: system:node-reader | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/stats [] [] [create get] | |
nodes [] [] [get list watch] | |
nodes/metrics [] [] [get] | |
nodes/spec [] [] [get] | |
Name: system:oauth-token-deleter | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
oauthaccesstokens [] [] [delete] | |
oauthauthorizetokens [] [] [delete] | |
oauthaccesstokens.oauth.openshift.io [] [] [delete] | |
oauthauthorizetokens.oauth.openshift.io [] [] [delete] | |
Name: system:openshift:aggregate-to-admin | |
Labels: rbac.authorization.k8s.io/aggregate-to-admin=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
jenkins.build.openshift.io [] [] [admin edit view] | |
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs [] [] [create delete deletecollection get list patch update watch] | |
buildlogs [] [] [create delete deletecollection get list patch update watch] | |
builds [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch] | |
processedtemplates [] [] [create delete deletecollection get list patch update watch] | |
rolebindings [] [] [create delete deletecollection get list patch update watch] | |
roles [] [] [create delete deletecollection get list patch update watch] | |
routes [] [] [create delete deletecollection get list patch update watch] | |
templateconfigs [] [] [create delete deletecollection get list patch update watch] | |
templateinstances [] [] [create delete deletecollection get list patch update watch] | |
templates [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
rolebindings.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
roles.authorization.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
builds.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.extensions [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.networking.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs/instantiate [] [] [create] | |
buildconfigs/instantiatebinary [] [] [create] | |
builds/clone [] [] [create] | |
deploymentconfigrollbacks [] [] [create] | |
deploymentconfigs/instantiate [] [] [create] | |
deploymentconfigs/rollback [] [] [create] | |
imagestreamimports [] [] [create] | |
localresourceaccessreviews [] [] [create] | |
localsubjectaccessreviews [] [] [create] | |
podsecuritypolicyreviews [] [] [create] | |
podsecuritypolicyselfsubjectreviews [] [] [create] | |
podsecuritypolicysubjectreviews [] [] [create] | |
resourceaccessreviews [] [] [create] | |
routes/custom-host [] [] [create] | |
subjectaccessreviews [] [] [create] | |
subjectrulesreviews [] [] [create] | |
deploymentconfigrollbacks.apps.openshift.io [] [] [create] | |
deploymentconfigs.apps.openshift.io/instantiate [] [] [create] | |
deploymentconfigs.apps.openshift.io/rollback [] [] [create] | |
localresourceaccessreviews.authorization.openshift.io [] [] [create] | |
localsubjectaccessreviews.authorization.openshift.io [] [] [create] | |
resourceaccessreviews.authorization.openshift.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
subjectrulesreviews.authorization.openshift.io [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
buildconfigs.build.openshift.io/instantiatebinary [] [] [create] | |
builds.build.openshift.io/clone [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
routes.route.openshift.io/custom-host [] [] [create] | |
podsecuritypolicyreviews.security.openshift.io [] [] [create] | |
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create] | |
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create] | |
projects [] [] [delete get patch update] | |
projects.project.openshift.io [] [] [delete get patch update] | |
routes/status [] [] [get list watch update] | |
routes.route.openshift.io/status [] [] [get list watch update] | |
appliedclusterresourcequotas [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
rolebindingrestrictions [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
builds/details [] [] [update] | |
builds.build.openshift.io/details [] [] [update] | |
Name: system:openshift:aggregate-to-cluster-reader | |
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
nodes/stats [] [] [create get] | |
localresourceaccessreviews [] [] [create] | |
localsubjectaccessreviews [] [] [create] | |
podsecuritypolicyreviews [] [] [create] | |
podsecuritypolicyselfsubjectreviews [] [] [create] | |
podsecuritypolicysubjectreviews [] [] [create] | |
resourceaccessreviews [] [] [create] | |
selfsubjectrulesreviews [] [] [create] | |
subjectaccessreviews [] [] [create] | |
subjectrulesreviews [] [] [create] | |
tokenreviews.authentication.k8s.io [] [] [create] | |
localsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectaccessreviews.authorization.k8s.io [] [] [create] | |
selfsubjectrulesreviews.authorization.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
localresourceaccessreviews.authorization.openshift.io [] [] [create] | |
localsubjectaccessreviews.authorization.openshift.io [] [] [create] | |
resourceaccessreviews.authorization.openshift.io [] [] [create] | |
selfsubjectrulesreviews.authorization.openshift.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
subjectrulesreviews.authorization.openshift.io [] [] [create] | |
podsecuritypolicyreviews.security.openshift.io [] [] [create] | |
podsecuritypolicyselfsubjectreviews.security.openshift.io [] [] [create] | |
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create] | |
securitycontextconstraints [] [] [get list watch get list watch] | |
brokertemplateinstances [] [] [get list watch] | |
builds/details [] [] [get list watch] | |
clusternetworks [] [] [get list watch] | |
clusterresourcequotas/status [] [] [get list watch] | |
clusterresourcequotas [] [] [get list watch] | |
clusterrolebindings [] [] [get list watch] | |
clusterroles [] [] [get list watch] | |
componentstatuses [] [] [get list watch] | |
egressnetworkpolicies [] [] [get list watch] | |
groups [] [] [get list watch] | |
hostsubnets [] [] [get list watch] | |
identities [] [] [get list watch] | |
images [] [] [get list watch] | |
imagesignatures [] [] [get list watch] | |
netnamespaces [] [] [get list watch] | |
nodes/status [] [] [get list watch] | |
nodes [] [] [get list watch] | |
oauthclientauthorizations [] [] [get list watch] | |
persistentvolumeclaims/status [] [] [get list watch] | |
persistentvolumes/status [] [] [get list watch] | |
persistentvolumes [] [] [get list watch] | |
pods/binding [] [] [get list watch] | |
pods/eviction [] [] [get list watch] | |
podtemplates [] [] [get list watch] | |
projectrequests [] [] [get list watch] | |
rolebindingrestrictions [] [] [get list watch] | |
rolebindings [] [] [get list watch] | |
roles [] [] [get list watch] | |
services/status [] [] [get list watch] | |
templateinstances/status [] [] [get list watch] | |
useridentitymappings [] [] [get list watch] | |
users [] [] [get list watch] | |
mutatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch] | |
validatingwebhookconfigurations.admissionregistration.k8s.io [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io/status [] [] [get list watch] | |
customresourcedefinitions.apiextensions.k8s.io [] [] [get list watch] | |
apiservices.apiregistration.k8s.io/status [] [] [get list watch] | |
apiservices.apiregistration.k8s.io [] [] [get list watch] | |
controllerrevisions.apps [] [] [get list watch] | |
daemonsets.apps/status [] [] [get list watch] | |
deployments.apps/status [] [] [get list watch] | |
replicasets.apps/status [] [] [get list watch] | |
statefulsets.apps/status [] [] [get list watch] | |
clusterrolebindings.authorization.openshift.io [] [] [get list watch] | |
clusterroles.authorization.openshift.io [] [] [get list watch] | |
rolebindingrestrictions.authorization.openshift.io [] [] [get list watch] | |
rolebindings.authorization.openshift.io [] [] [get list watch] | |
roles.authorization.openshift.io [] [] [get list watch] | |
horizontalpodautoscalers.autoscaling/status [] [] [get list watch] | |
cronjobs.batch/status [] [] [get list watch] | |
jobs.batch/status [] [] [get list watch] | |
builds.build.openshift.io/details [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io/approval [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io/status [] [] [get list watch] | |
certificatesigningrequests.certificates.k8s.io [] [] [get list watch] | |
leases.coordination.k8s.io [] [] [get list watch] | |
events.events.k8s.io [] [] [get list watch] | |
daemonsets.extensions/status [] [] [get list watch] | |
deployments.extensions/status [] [] [get list watch] | |
horizontalpodautoscalers.extensions/status [] [] [get list watch] | |
horizontalpodautoscalers.extensions [] [] [get list watch] | |
ingresses.extensions/status [] [] [get list watch] | |
jobs.extensions/status [] [] [get list watch] | |
jobs.extensions [] [] [get list watch] | |
podsecuritypolicies.extensions [] [] [get list watch] | |
replicasets.extensions/status [] [] [get list watch] | |
replicationcontrollers.extensions [] [] [get list watch] | |
storageclasses.extensions [] [] [get list watch] | |
thirdpartyresources.extensions [] [] [get list watch] | |
images.image.openshift.io [] [] [get list watch] | |
imagesignatures.image.openshift.io [] [] [get list watch] | |
clusternetworks.network.openshift.io [] [] [get list watch] | |
egressnetworkpolicies.network.openshift.io [] [] [get list watch] | |
hostsubnets.network.openshift.io [] [] [get list watch] | |
netnamespaces.network.openshift.io [] [] [get list watch] | |
oauthclientauthorizations.oauth.openshift.io [] [] [get list watch] | |
poddisruptionbudgets.policy/status [] [] [get list watch] | |
podsecuritypolicies.policy [] [] [get list watch] | |
projectrequests.project.openshift.io [] [] [get list watch] | |
clusterresourcequotas.quota.openshift.io/status [] [] [get list watch] | |
clusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list watch] | |
clusterroles.rbac.authorization.k8s.io [] [] [get list watch] | |
rolebindings.rbac.authorization.k8s.io [] [] [get list watch] | |
roles.rbac.authorization.k8s.io [] [] [get list watch] | |
priorityclasses.scheduling.k8s.io [] [] [get list watch] | |
rangeallocations.security.openshift.io [] [] [get list watch] | |
securitycontextconstraints.security.openshift.io [] [] [get list watch] | |
podpresets.settings.k8s.io [] [] [get list watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
volumeattachments.storage.k8s.io/status [] [] [get list watch] | |
volumeattachments.storage.k8s.io [] [] [get list watch] | |
brokertemplateinstances.template.openshift.io [] [] [get list watch] | |
templateinstances.template.openshift.io/status [] [] [get list watch] | |
groups.user.openshift.io [] [] [get list watch] | |
identities.user.openshift.io [] [] [get list watch] | |
useridentitymappings.user.openshift.io [] [] [get list watch] | |
users.user.openshift.io [] [] [get list watch] | |
[*] [] [get] | |
imagestreams/layers [] [] [get] | |
nodes/metrics [] [] [get] | |
nodes/spec [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
projects [] [] [list watch] | |
projects.project.openshift.io [] [] [list watch] | |
Name: system:openshift:aggregate-to-edit | |
Labels: rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
buildconfigs/webhooks [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs [] [] [create delete deletecollection get list patch update watch] | |
buildlogs [] [] [create delete deletecollection get list patch update watch] | |
builds [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs/scale [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings [] [] [create delete deletecollection get list patch update watch] | |
imagestreams/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags [] [] [create delete deletecollection get list patch update watch] | |
processedtemplates [] [] [create delete deletecollection get list patch update watch] | |
routes [] [] [create delete deletecollection get list patch update watch] | |
templateconfigs [] [] [create delete deletecollection get list patch update watch] | |
templateinstances [] [] [create delete deletecollection get list patch update watch] | |
templates [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [create delete deletecollection get list patch update watch] | |
deploymentconfigs.apps.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildlogs.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
builds.build.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.extensions [] [] [create delete deletecollection get list patch update watch] | |
imagestreamimages.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreammappings.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io/secrets [] [] [create delete deletecollection get list patch update watch] | |
imagestreams.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
imagestreamtags.image.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
networkpolicies.networking.k8s.io [] [] [create delete deletecollection get list patch update watch] | |
routes.route.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
processedtemplates.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templateconfigs.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templateinstances.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
templates.template.openshift.io [] [] [create delete deletecollection get list patch update watch] | |
buildconfigs/instantiate [] [] [create] | |
buildconfigs/instantiatebinary [] [] [create] | |
builds/clone [] [] [create] | |
deploymentconfigrollbacks [] [] [create] | |
deploymentconfigs/instantiate [] [] [create] | |
deploymentconfigs/rollback [] [] [create] | |
imagestreamimports [] [] [create] | |
routes/custom-host [] [] [create] | |
deploymentconfigrollbacks.apps.openshift.io [] [] [create] | |
deploymentconfigs.apps.openshift.io/instantiate [] [] [create] | |
deploymentconfigs.apps.openshift.io/rollback [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
buildconfigs.build.openshift.io/instantiatebinary [] [] [create] | |
builds.build.openshift.io/clone [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
routes.route.openshift.io/custom-host [] [] [create] | |
jenkins.build.openshift.io [] [] [edit view] | |
appliedclusterresourcequotas [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
routes/status [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
routes.route.openshift.io/status [] [] [get list watch] | |
imagestreams/layers [] [] [get update] | |
imagestreams.image.openshift.io/layers [] [] [get update] | |
projects [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
builds/details [] [] [update] | |
builds.build.openshift.io/details [] [] [update] | |
Name: system:openshift:aggregate-to-view | |
Labels: rbac.authorization.k8s.io/aggregate-to-view=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
appliedclusterresourcequotas [] [] [get list watch] | |
buildconfigs/webhooks [] [] [get list watch] | |
buildconfigs [] [] [get list watch] | |
buildlogs [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
builds [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/scale [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
deploymentconfigs [] [] [get list watch] | |
imagestreamimages [] [] [get list watch] | |
imagestreammappings [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
imagestreams [] [] [get list watch] | |
imagestreamtags [] [] [get list watch] | |
processedtemplates [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
routes/status [] [] [get list watch] | |
routes [] [] [get list watch] | |
templateconfigs [] [] [get list watch] | |
templateinstances [] [] [get list watch] | |
templates [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [get list watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [get list watch] | |
buildconfigs.build.openshift.io [] [] [get list watch] | |
buildlogs.build.openshift.io [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
builds.build.openshift.io [] [] [get list watch] | |
imagestreamimages.image.openshift.io [] [] [get list watch] | |
imagestreammappings.image.openshift.io [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
imagestreams.image.openshift.io [] [] [get list watch] | |
imagestreamtags.image.openshift.io [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
routes.route.openshift.io/status [] [] [get list watch] | |
routes.route.openshift.io [] [] [get list watch] | |
processedtemplates.template.openshift.io [] [] [get list watch] | |
templateconfigs.template.openshift.io [] [] [get list watch] | |
templateinstances.template.openshift.io [] [] [get list watch] | |
templates.template.openshift.io [] [] [get list watch] | |
projects [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
jenkins.build.openshift.io [] [] [view] | |
Name: system:openshift:cloud-credential-operator:cluster-reader | |
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
credentialsrequests.cloudcredential.openshift.io [] [] [get list watch] | |
Name: system:openshift:cluster-config-operator:cluster-reader | |
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
apiservers.config.openshift.io [] [] [get list watch] | |
authentications.config.openshift.io [] [] [get list watch] | |
builds.config.openshift.io [] [] [get list watch] | |
clusteroperators.config.openshift.io [] [] [get list watch] | |
clusterversions.config.openshift.io [] [] [get list watch] | |
consoles.config.openshift.io [] [] [get list watch] | |
dnses.config.openshift.io [] [] [get list watch] | |
featuregates.config.openshift.io [] [] [get list watch] | |
images.config.openshift.io [] [] [get list watch] | |
infrastructures.config.openshift.io [] [] [get list watch] | |
ingresses.config.openshift.io [] [] [get list watch] | |
networks.config.openshift.io [] [] [get list watch] | |
oauths.config.openshift.io [] [] [get list watch] | |
projects.config.openshift.io [] [] [get list watch] | |
proxies.config.openshift.io [] [] [get list watch] | |
schedulers.config.openshift.io [] [] [get list watch] | |
Name: system:openshift:controller:apiservice-cabundle-injector | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
apiservices.apiregistration.k8s.io [] [] [get list watch update patch] | |
Name: system:openshift:controller:build-config-change-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
buildconfigs/instantiate [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
builds [] [] [delete] | |
builds.build.openshift.io [] [] [delete] | |
buildconfigs [] [] [get list watch] | |
buildconfigs.build.openshift.io [] [] [get list watch] | |
Name: system:openshift:controller:build-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create delete get list] | |
configmaps [] [] [create get list] | |
events [] [] [create patch update] | |
builds/custom [] [] [create] | |
builds/docker [] [] [create] | |
builds/jenkinspipeline [] [] [create] | |
builds/optimizeddocker [] [] [create] | |
builds/source [] [] [create] | |
podsecuritypolicysubjectreviews [] [] [create] | |
builds.build.openshift.io/custom [] [] [create] | |
builds.build.openshift.io/docker [] [] [create] | |
builds.build.openshift.io/jenkinspipeline [] [] [create] | |
builds.build.openshift.io/optimizeddocker [] [] [create] | |
builds.build.openshift.io/source [] [] [create] | |
podsecuritypolicysubjectreviews.security.openshift.io [] [] [create] | |
builds [] [] [delete get list patch update watch] | |
builds.build.openshift.io [] [] [delete get list patch update watch] | |
imagestreams [] [] [get list] | |
secrets [] [] [get list] | |
serviceaccounts [] [] [get list] | |
builds.config.openshift.io [] [] [get list] | |
imagestreams.image.openshift.io [] [] [get list] | |
buildconfigs [] [] [get] | |
namespaces [] [] [get] | |
buildconfigs.build.openshift.io [] [] [get] | |
builds/finalizers [] [] [update] | |
builds.build.openshift.io/finalizers [] [] [update] | |
Name: system:openshift:controller:cluster-quota-reconciliation-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
configmaps [] [] [get list] | |
secrets [] [] [get list] | |
clusterresourcequotas/status [] [] [update] | |
clusterresourcequotas.quota.openshift.io/status [] [] [update] | |
Name: system:openshift:controller:configmap-cabundle-injector | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
configmaps [] [] [get list watch update] | |
Name: system:openshift:controller:default-rolebindings-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
rolebindings.rbac.authorization.k8s.io [] [] [create get list watch] | |
events [] [] [create patch update] | |
namespaces [] [] [get list watch] | |
Name: system:openshift:controller:deployer-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
pods [] [] [create delete get list patch watch] | |
events [] [] [create patch update] | |
replicationcontrollers [] [] [delete get list update watch] | |
replicationcontrollers/scale [] [] [get update] | |
Name: system:openshift:controller:deploymentconfig-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
replicationcontrollers [] [] [create delete get list patch update watch] | |
events [] [] [create patch update] | |
deploymentconfigs [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [get list watch] | |
replicationcontrollers/scale [] [] [get update] | |
deploymentconfigs/finalizers [] [] [update] | |
deploymentconfigs/status [] [] [update] | |
deploymentconfigs.apps.openshift.io/finalizers [] [] [update] | |
deploymentconfigs.apps.openshift.io/status [] [] [update] | |
Name: system:openshift:controller:horizontal-pod-autoscaler | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
deploymentconfigs/scale [] [] [get update] | |
deploymentconfigs.apps.openshift.io/scale [] [] [get update] | |
Name: system:openshift:controller:image-import-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
images [] [] [create delete get list patch update watch] | |
images.image.openshift.io [] [] [create delete get list patch update watch] | |
imagestreams [] [] [create get list update watch] | |
imagestreams.image.openshift.io [] [] [create get list update watch] | |
events [] [] [create patch update] | |
imagestreamimports [] [] [create] | |
imagestreamimports.image.openshift.io [] [] [create] | |
Name: system:openshift:controller:image-trigger-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
buildconfigs/instantiate [] [] [create] | |
builds/custom [] [] [create] | |
builds/docker [] [] [create] | |
builds/jenkinspipeline [] [] [create] | |
builds/optimizeddocker [] [] [create] | |
builds/source [] [] [create] | |
buildconfigs.build.openshift.io/instantiate [] [] [create] | |
builds.build.openshift.io/custom [] [] [create] | |
builds.build.openshift.io/docker [] [] [create] | |
builds.build.openshift.io/jenkinspipeline [] [] [create] | |
builds.build.openshift.io/optimizeddocker [] [] [create] | |
builds.build.openshift.io/source [] [] [create] | |
deploymentconfigs [] [] [get update] | |
deploymentconfigs.apps.openshift.io [] [] [get update] | |
deployments.apps [] [] [get update] | |
statefulsets.apps [] [] [get update] | |
cronjobs.batch [] [] [get update] | |
daemonsets.extensions [] [] [get update] | |
deployments.extensions [] [] [get update] | |
imagestreams [] [] [list watch] | |
imagestreams.image.openshift.io [] [] [list watch] | |
Name: system:openshift:controller:ingress-to-route-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
routes.route.openshift.io [] [] [create delete get list patch update watch] | |
events [] [] [create patch update] | |
routes.route.openshift.io/custom-host [] [] [create update] | |
secrets [] [] [get list watch] | |
services [] [] [get list watch] | |
ingress.extensions [] [] [get list watch] | |
Name: system:openshift:controller:machine-approver | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
certificatesigningrequests.certificates.k8s.io [] [] [get list watch] | |
machines.machine.openshift.io [] [] [get list watch] | |
nodes [] [] [get] | |
certificatesigningrequests.certificates.k8s.io/approval [] [] [update] | |
Name: system:openshift:controller:namespace-security-allocation-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
rangeallocations.security.openshift.io [] [] [create get update] | |
events [] [] [create patch update] | |
namespaces [] [] [get list update watch] | |
Name: system:openshift:controller:origin-namespace-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
namespaces [] [] [get list watch] | |
namespaces/finalize [] [] [update] | |
namespaces/status [] [] [update] | |
Name: system:openshift:controller:pv-recycler-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumes [] [] [create delete get list update watch] | |
pods [] [] [create delete get list watch] | |
events [] [] [create patch update] | |
persistentvolumeclaims [] [] [get list update watch] | |
persistentvolumeclaims/status [] [] [update] | |
persistentvolumes/status [] [] [update] | |
Name: system:openshift:controller:resourcequota-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
configmaps [] [] [list] | |
replicationcontrollers [] [] [list] | |
resourcequotas [] [] [list] | |
secrets [] [] [list] | |
services [] [] [list] | |
resourcequotas/status [] [] [update] | |
Name: system:openshift:controller:sdn-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
hostsubnets [] [] [create delete get list update watch] | |
netnamespaces [] [] [create delete get list update watch] | |
hostsubnets.network.openshift.io [] [] [create delete get list update watch] | |
netnamespaces.network.openshift.io [] [] [create delete get list update watch] | |
clusternetworks [] [] [create get update] | |
clusternetworks.network.openshift.io [] [] [create get update] | |
events [] [] [create patch update] | |
namespaces [] [] [get list watch] | |
nodes [] [] [get list watch] | |
services [] [] [get list watch] | |
pods [] [] [get list] | |
nodes/status [] [] [update] | |
Name: system:openshift:controller:service-ingress-ip-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
services [] [] [list update watch] | |
services/status [] [] [update] | |
Name: system:openshift:controller:service-serving-cert-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
secrets [] [] [create delete get list update watch] | |
events [] [] [create patch update] | |
services [] [] [list update watch] | |
Name: system:openshift:controller:service-serving-cert-signer | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
secrets [] [] [get list watch create update patch] | |
services [] [] [get list watch update patch] | |
Name: system:openshift:controller:serviceaccount-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
serviceaccounts [] [] [create delete get list patch update watch] | |
events [] [] [create patch update] | |
Name: system:openshift:controller:serviceaccount-pull-secrets-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
secrets [] [] [create delete get list patch update watch] | |
serviceaccounts [] [] [create get list update watch] | |
events [] [] [create patch update] | |
services [] [] [get list watch] | |
Name: system:openshift:controller:template-instance-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
templateinstances.template.openshift.io/status [] [] [update] | |
Name: system:openshift:controller:template-instance-finalizer-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
templateinstances.template.openshift.io/status [] [] [update] | |
Name: system:openshift:controller:template-service-broker | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
templateinstances.template.openshift.io [] [] [assign create delete get] | |
brokertemplateinstances.template.openshift.io [] [] [create delete get update] | |
secrets [] [] [create delete get] | |
events [] [] [create patch update] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.openshift.io [] [] [create] | |
templates.template.openshift.io [] [] [get list watch] | |
configmaps [] [] [get] | |
routes [] [] [get] | |
services [] [] [get] | |
routes.route.openshift.io [] [] [get] | |
brokertemplateinstances.template.openshift.io/finalizers [] [] [update] | |
Name: system:openshift:controller:unidling-controller | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
deploymentconfigs [] [] [get patch update] | |
replicationcontrollers [] [] [get patch update] | |
deploymentconfigs.apps.openshift.io [] [] [get patch update] | |
deploymentconfigs/scale [] [] [get update] | |
endpoints [] [] [get update] | |
replicationcontrollers/scale [] [] [get update] | |
deploymentconfigs.apps.openshift.io/scale [] [] [get update] | |
deployments.apps/scale [] [] [get update] | |
replicasets.apps/scale [] [] [get update] | |
deployments.extensions/scale [] [] [get update] | |
replicasets.extensions/scale [] [] [get update] | |
events [] [] [list watch create patch update] | |
Name: system:openshift:discovery | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/.well-known/*] [] [get] | |
[/.well-known] [] [get] | |
[/] [] [get] | |
[/api/*] [] [get] | |
[/api] [] [get] | |
[/apis/*] [] [get] | |
[/apis] [] [get] | |
[/oapi/*] [] [get] | |
[/oapi] [] [get] | |
[/openapi/v2] [] [get] | |
[/osapi/] [] [get] | |
[/osapi] [] [get] | |
[/swagger-2.0.0.pb-v1] [] [get] | |
[/swagger.json] [] [get] | |
[/swaggerapi/*] [] [get] | |
[/swaggerapi] [] [get] | |
[/version/*] [] [get] | |
[/version] [] [get] | |
Name: system:openshift:machine-config-operator:cluster-reader | |
Labels: rbac.authorization.k8s.io/aggregate-to-cluster-reader=true | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
containerruntimeconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
controllerconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
kubeletconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
machineconfigpools.machineconfiguration.openshift.io [] [] [get list watch] | |
mcoconfigs.machineconfiguration.openshift.io [] [] [get list watch] | |
Name: system:openshift:openshift-controller-manager | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
events.events.k8s.io [] [] [create patch update] | |
*.* [] [] [get list watch] | |
Name: system:openshift:public-info-viewer | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/readyz] [] [get] | |
Name: system:openshift:templateservicebroker-client | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
[/brokers/template.openshift.io/*] [] [delete] | |
[/brokers/template.openshift.io/*] [] [get] | |
[/brokers/template.openshift.io/*] [] [put] | |
[/brokers/template.openshift.io/*] [] [update] | |
Name: system:openshift:tokenreview-openshift-controller-manager | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: system:persistent-volume-provisioner | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumes [] [] [create delete get list watch] | |
persistentvolumeclaims [] [] [get list update watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
events [] [] [watch create patch update] | |
Name: system:registry | |
Labels: <none> | |
Annotations: imageregistry.operator.openshift.io/checksum: sha256:4f5c458a9529be990802411d939d2126b77fa47083541be8946d4ca262db41d0 | |
rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
imagestreammappings [] [] [create] | |
imagestreammappings.image.openshift.io [] [] [create] | |
images [] [] [delete get get update] | |
imagestreamtags [] [] [delete get] | |
imagestreamtags.image.openshift.io [] [] [delete get] | |
images.image.openshift.io [] [] [get update delete] | |
imagestreams.image.openshift.io [] [] [get update] | |
imagestreamimages [] [] [get] | |
imagestreams/secrets [] [] [get] | |
imagestreamimages.image.openshift.io [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
imagestreams.image.openshift.io/secrets [] [] [get] | |
imagestreams [] [] [list get update] | |
limitranges [] [] [list] | |
resourcequotas [] [] [list] | |
Name: system:router | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
endpoints [] [] [list watch] | |
routes [] [] [list watch] | |
services [] [] [list watch] | |
routes.route.openshift.io [] [] [list watch] | |
routes/status [] [] [update] | |
routes.route.openshift.io/status [] [] [update] | |
Name: system:scope-impersonation | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
userextras.authentication.k8s.io/scopes.authorization.openshift.io [] [] [impersonate] | |
Name: system:sdn-manager | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
hostsubnets [] [] [create delete get list watch] | |
netnamespaces [] [] [create delete get list watch] | |
hostsubnets.network.openshift.io [] [] [create delete get list watch] | |
netnamespaces.network.openshift.io [] [] [create delete get list watch] | |
clusternetworks [] [] [create get] | |
clusternetworks.network.openshift.io [] [] [create get] | |
nodes [] [] [get list watch] | |
Name: system:sdn-reader | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
events [] [] [create patch update] | |
egressnetworkpolicies [] [] [get list watch] | |
hostsubnets [] [] [get list watch] | |
namespaces [] [] [get list watch] | |
netnamespaces [] [] [get list watch] | |
nodes [] [] [get list watch] | |
networkpolicies.extensions [] [] [get list watch] | |
egressnetworkpolicies.network.openshift.io [] [] [get list watch] | |
hostsubnets.network.openshift.io [] [] [get list watch] | |
netnamespaces.network.openshift.io [] [] [get list watch] | |
networkpolicies.networking.k8s.io [] [] [get list watch] | |
clusternetworks [] [] [get] | |
clusternetworks.network.openshift.io [] [] [get] | |
Name: system:volume-scheduler | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
persistentvolumeclaims [] [] [get list patch update watch] | |
persistentvolumes [] [] [get list patch update watch] | |
storageclasses.storage.k8s.io [] [] [get list watch] | |
Name: system:webhook | |
Labels: <none> | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
buildconfigs/webhooks [] [] [create get] | |
buildconfigs.build.openshift.io/webhooks [] [] [create get] | |
Name: telemeter-client | |
Labels: <none> | |
Annotations: <none> | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
tokenreviews.authentication.k8s.io [] [] [create] | |
subjectaccessreviews.authorization.k8s.io [] [] [create] | |
Name: view | |
Labels: kubernetes.io/bootstrapping=rbac-defaults | |
rbac.authorization.k8s.io/aggregate-to-edit=true | |
Annotations: rbac.authorization.kubernetes.io/autoupdate: true | |
PolicyRule: | |
Resources Non-Resource URLs Resource Names Verbs | |
--------- ----------------- -------------- ----- | |
namespaces [] [] [get get list watch] | |
appliedclusterresourcequotas [] [] [get list watch] | |
bindings [] [] [get list watch] | |
buildconfigs/webhooks [] [] [get list watch] | |
buildconfigs [] [] [get list watch] | |
buildlogs [] [] [get list watch] | |
builds/log [] [] [get list watch] | |
builds [] [] [get list watch] | |
configmaps [] [] [get list watch] | |
deploymentconfigs/log [] [] [get list watch] | |
deploymentconfigs/scale [] [] [get list watch] | |
deploymentconfigs/status [] [] [get list watch] | |
deploymentconfigs [] [] [get list watch] | |
endpoints [] [] [get list watch] | |
events [] [] [get list watch] | |
imagestreamimages [] [] [get list watch] | |
imagestreammappings [] [] [get list watch] | |
imagestreams/status [] [] [get list watch] | |
imagestreams [] [] [get list watch] | |
imagestreamtags [] [] [get list watch] | |
limitranges [] [] [get list watch] | |
namespaces/status [] [] [get list watch] | |
persistentvolumeclaims [] [] [get list watch] | |
pods/log [] [] [get list watch] | |
pods/status [] [] [get list watch] | |
pods [] [] [get list watch] | |
processedtemplates [] [] [get list watch] | |
replicationcontrollers/scale [] [] [get list watch] | |
replicationcontrollers/status [] [] [get list watch] | |
replicationcontrollers [] [] [get list watch] | |
resourcequotas/status [] [] [get list watch] | |
resourcequotas [] [] [get list watch] | |
resourcequotausages [] [] [get list watch] | |
routes/status [] [] [get list watch] | |
routes [] [] [get list watch] | |
serviceaccounts [] [] [get list watch] | |
services [] [] [get list watch] | |
templateconfigs [] [] [get list watch] | |
templateinstances [] [] [get list watch] | |
templates [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/log [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/scale [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io/status [] [] [get list watch] | |
deploymentconfigs.apps.openshift.io [] [] [get list watch] | |
controllerrevisions.apps [] [] [get list watch] | |
daemonsets.apps [] [] [get list watch] | |
deployments.apps/scale [] [] [get list watch] | |
deployments.apps [] [] [get list watch] | |
replicasets.apps/scale [] [] [get list watch] | |
replicasets.apps [] [] [get list watch] | |
statefulsets.apps/scale [] [] [get list watch] | |
statefulsets.apps [] [] [get list watch] | |
horizontalpodautoscalers.autoscaling [] [] [get list watch] | |
cronjobs.batch [] [] [get list watch] | |
jobs.batch [] [] [get list watch] | |
buildconfigs.build.openshift.io/webhooks [] [] [get list watch] | |
buildconfigs.build.openshift.io [] [] [get list watch] | |
buildlogs.build.openshift.io [] [] [get list watch] | |
builds.build.openshift.io/log [] [] [get list watch] | |
builds.build.openshift.io [] [] [get list watch] | |
daemonsets.extensions [] [] [get list watch] | |
deployments.extensions/scale [] [] [get list watch] | |
deployments.extensions [] [] [get list watch] | |
ingresses.extensions [] [] [get list watch] | |
networkpolicies.extensions [] [] [get list watch] | |
replicasets.extensions/scale [] [] [get list watch] | |
replicasets.extensions [] [] [get list watch] | |
replicationcontrollers.extensions/scale [] [] [get list watch] | |
imagestreamimages.image.openshift.io [] [] [get list watch] | |
imagestreammappings.image.openshift.io [] [] [get list watch] | |
imagestreams.image.openshift.io/status [] [] [get list watch] | |
imagestreams.image.openshift.io [] [] [get list watch] | |
imagestreamtags.image.openshift.io [] [] [get list watch] | |
pods.metrics.k8s.io [] [] [get list watch] | |
networkpolicies.networking.k8s.io [] [] [get list watch] | |
catalogsources.operators.coreos.com [] [] [get list watch] | |
clusterserviceversions.operators.coreos.com [] [] [get list watch] | |
installplans.operators.coreos.com [] [] [get list watch] | |
operatorgroups.operators.coreos.com [] [] [get list watch] | |
subscriptions.operators.coreos.com [] [] [get list watch] | |
packagemanifests.packages.operators.coreos.com [] [] [get list watch] | |
poddisruptionbudgets.policy [] [] [get list watch] | |
appliedclusterresourcequotas.quota.openshift.io [] [] [get list watch] | |
routes.route.openshift.io/status [] [] [get list watch] | |
routes.route.openshift.io [] [] [get list watch] | |
processedtemplates.template.openshift.io [] [] [get list watch] | |
templateconfigs.template.openshift.io [] [] [get list watch] | |
templateinstances.template.openshift.io [] [] [get list watch] | |
templates.template.openshift.io [] [] [get list watch] | |
imagestreams/layers [] [] [get] | |
projects [] [] [get] | |
imagestreams.image.openshift.io/layers [] [] [get] | |
projects.project.openshift.io [] [] [get] | |
jenkins.build.openshift.io [] [] [view] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment