Created
October 8, 2020 15:16
-
-
Save sttts/32c2d3916e94895ed6f66f11f7f06009 to your computer and use it in GitHub Desktop.
kubectl get nodes | grep master | awk '{print $1;}' | while read NODE; do echo $NODE; { oc debug node/$NODE -- chroot /host bash -c 'tail -f /var/log/kube-apiserver/audit.log' | grep subjectaccessreview | jq '{"w":.responseObject.spec, "u":.userAgent, "r":.annotations."authorization.k8s.io/decision"}' | tee $NODE.log; } &; done
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/user.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "create", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "create", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-challenging-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"version": "v1", | |
"resource": "nodes", | |
"subresource": "proxy", | |
"name": "ip-10-0-168-73.us-west-1.compute.internal" | |
}, | |
"user": "system:kube-apiserver", | |
"groups": [ | |
"kube-master", | |
"system:authenticated" | |
] | |
}, | |
"u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"version": "v1", | |
"resource": "nodes", | |
"subresource": "proxy", | |
"name": "ip-10-0-161-245.us-west-1.compute.internal" | |
}, | |
"user": "system:kube-apiserver", | |
"groups": [ | |
"kube-master", | |
"system:authenticated" | |
] | |
}, | |
"u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "user.openshift.io", | |
"version": "v1", | |
"resource": "users", | |
"name": "~" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"version": "v1", | |
"resource": "nodes", | |
"subresource": "proxy", | |
"name": "ip-10-0-211-91.us-west-1.compute.internal" | |
}, | |
"user": "system:kube-apiserver", | |
"groups": [ | |
"kube-master", | |
"system:authenticated" | |
] | |
}, | |
"u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "create", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-challenging-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "user.openshift.io", | |
"version": "v1", | |
"resource": "users", | |
"name": "~" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "user.openshift.io", | |
"version": "v1", | |
"resource": "users", | |
"name": "~" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/user.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/oauth.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/user.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/oauth.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "oauth-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/oauth.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/user.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "user.openshift.io", | |
"version": "v1", | |
"resource": "users", | |
"name": "~" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "insights-operator/v1.0.0+c2d2c03 (linux/amd64) kubernetes/c2d2c03", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/oauth.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/user.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "create", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "create", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-challenging-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-challenging-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "oauth.openshift.io", | |
"version": "v1", | |
"resource": "oauthclients", | |
"name": "openshift-browser-client" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": null, | |
"u": "machine-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format/machine-config", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/apps.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/build.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/security.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"namespace": "openshift-authentication", | |
"verb": "get", | |
"group": "route.openshift.io", | |
"version": "v1", | |
"resource": "routes", | |
"name": "oauth-openshift" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"namespace": "openshift-authentication", | |
"verb": "get", | |
"group": "route.openshift.io", | |
"version": "v1", | |
"resource": "routes", | |
"name": "oauth-openshift" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-openshift-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-etcd-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/apps.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/project.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/security.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/project.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/metrics.k8s.io/v1beta1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/build.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/apps.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/security.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/packages.operators.coreos.com/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/metrics.k8s.io/v1beta1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/security.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/packages.operators.coreos.com/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/project.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/build.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/apps.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:kube-system:resourcequota-controller", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:kube-system", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/readyz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-scheduler-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-openshift-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-openshift-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "oauth-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-etcd-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "authentication-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/build.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"namespace": "openshift", | |
"verb": "watch", | |
"group": "image.openshift.io", | |
"version": "v1", | |
"resource": "imagestreams" | |
}, | |
"user": "system:serviceaccount:openshift-cluster-samples-operator:cluster-samples-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-cluster-samples-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "watch", | |
"group": "template.openshift.io", | |
"version": "v1", | |
"resource": "templateinstances" | |
}, | |
"user": "system:kube-controller-manager", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": null, | |
"u": "machine-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format/machine-config", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/openapi/v2", | |
"verb": "get" | |
}, | |
"user": "system:aggregator", | |
"groups": [ | |
"system:authenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "watch", | |
"group": "apps.openshift.io", | |
"version": "v1", | |
"resource": "deploymentconfigs" | |
}, | |
"user": "system:serviceaccount:openshift-controller-manager:openshift-controller-manager-sa", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-controller-manager", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/apps.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/authorization.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/build.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/image.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/project.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/quota.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/route.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/security.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/apis/template.openshift.io/v1", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-apiserver-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"namespace": "openshift-authentication", | |
"verb": "get", | |
"group": "route.openshift.io", | |
"version": "v1", | |
"resource": "routes", | |
"name": "oauth-openshift" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"namespace": "openshift-authentication", | |
"verb": "get", | |
"group": "route.openshift.io", | |
"version": "v1", | |
"resource": "routes", | |
"name": "oauth-openshift" | |
}, | |
"user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-authentication-operator", | |
"system:authenticated" | |
] | |
}, | |
"u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/healthz", | |
"verb": "get" | |
}, | |
"user": "system:anonymous", | |
"groups": [ | |
"system:unauthenticated" | |
] | |
}, | |
"u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"resourceAttributes": { | |
"verb": "get", | |
"group": "image.openshift.io", | |
"resource": "registry", | |
"subresource": "metrics" | |
} | |
}, | |
"u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} | |
{ | |
"w": { | |
"nonResourceAttributes": { | |
"path": "/metrics", | |
"verb": "get" | |
}, | |
"user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
"groups": [ | |
"system:serviceaccounts", | |
"system:serviceaccounts:openshift-monitoring", | |
"system:authenticated" | |
], | |
"uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
}, | |
"u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
"r": "allow" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment