Created
October 8, 2020 15:16
-
-
Save sttts/32c2d3916e94895ed6f66f11f7f06009 to your computer and use it in GitHub Desktop.
kubectl get nodes | grep master | awk '{print $1;}' | while read NODE; do echo $NODE; { oc debug node/$NODE -- chroot /host bash -c 'tail -f /var/log/kube-apiserver/audit.log' | grep subjectaccessreview | jq '{"w":.responseObject.spec, "u":.userAgent, "r":.annotations."authorization.k8s.io/decision"}' | tee $NODE.log; } &; done
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/user.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "create", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "create", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-challenging-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "version": "v1", | |
| "resource": "nodes", | |
| "subresource": "proxy", | |
| "name": "ip-10-0-168-73.us-west-1.compute.internal" | |
| }, | |
| "user": "system:kube-apiserver", | |
| "groups": [ | |
| "kube-master", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "version": "v1", | |
| "resource": "nodes", | |
| "subresource": "proxy", | |
| "name": "ip-10-0-161-245.us-west-1.compute.internal" | |
| }, | |
| "user": "system:kube-apiserver", | |
| "groups": [ | |
| "kube-master", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "user.openshift.io", | |
| "version": "v1", | |
| "resource": "users", | |
| "name": "~" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "version": "v1", | |
| "resource": "nodes", | |
| "subresource": "proxy", | |
| "name": "ip-10-0-211-91.us-west-1.compute.internal" | |
| }, | |
| "user": "system:kube-apiserver", | |
| "groups": [ | |
| "kube-master", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "kubelet/v1.19.0+db1fc96 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "create", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-challenging-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "user.openshift.io", | |
| "version": "v1", | |
| "resource": "users", | |
| "name": "~" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "user.openshift.io", | |
| "version": "v1", | |
| "resource": "users", | |
| "name": "~" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/user.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/oauth.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/user.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/oauth.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "oauth-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/oauth.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/user.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "user.openshift.io", | |
| "version": "v1", | |
| "resource": "users", | |
| "name": "~" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "insights-operator/v1.0.0+c2d2c03 (linux/amd64) kubernetes/c2d2c03", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/oauth.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/user.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "create", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "create", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-challenging-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-challenging-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "oauth.openshift.io", | |
| "version": "v1", | |
| "resource": "oauthclients", | |
| "name": "openshift-browser-client" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "oauth-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": null, | |
| "u": "machine-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format/machine-config", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/apps.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/build.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/security.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "namespace": "openshift-authentication", | |
| "verb": "get", | |
| "group": "route.openshift.io", | |
| "version": "v1", | |
| "resource": "routes", | |
| "name": "oauth-openshift" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "namespace": "openshift-authentication", | |
| "verb": "get", | |
| "group": "route.openshift.io", | |
| "version": "v1", | |
| "resource": "routes", | |
| "name": "oauth-openshift" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-openshift-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-etcd-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/apps.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/project.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/security.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/project.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/metrics.k8s.io/v1beta1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/build.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/apps.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/security.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/packages.operators.coreos.com/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:generic-garbage-collector", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/metrics.k8s.io/v1beta1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/security.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/packages.operators.coreos.com/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/project.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/build.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/apps.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:kube-system:resourcequota-controller", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:kube-system", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/readyz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-scheduler-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-openshift-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-openshift-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "oauth-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-etcd-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "authentication-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/build.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "namespace": "openshift", | |
| "verb": "watch", | |
| "group": "image.openshift.io", | |
| "version": "v1", | |
| "resource": "imagestreams" | |
| }, | |
| "user": "system:serviceaccount:openshift-cluster-samples-operator:cluster-samples-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-cluster-samples-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "watch", | |
| "group": "template.openshift.io", | |
| "version": "v1", | |
| "resource": "templateinstances" | |
| }, | |
| "user": "system:kube-controller-manager", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": null, | |
| "u": "machine-config-operator/v0.0.0 (linux/amd64) kubernetes/$Format/machine-config", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/openapi/v2", | |
| "verb": "get" | |
| }, | |
| "user": "system:aggregator", | |
| "groups": [ | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "watch", | |
| "group": "apps.openshift.io", | |
| "version": "v1", | |
| "resource": "deploymentconfigs" | |
| }, | |
| "user": "system:serviceaccount:openshift-controller-manager:openshift-controller-manager-sa", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-controller-manager", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-scheduler/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cm-adapter/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-controller-manager/v1.19.0 (linux/amd64) kubernetes/db1fc96", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "kube-rbac-proxy/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "console/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/apps.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/authorization.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/build.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/image.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/project.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/quota.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/route.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/security.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/apis/template.openshift.io/v1", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-apiserver-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "namespace": "openshift-authentication", | |
| "verb": "get", | |
| "group": "route.openshift.io", | |
| "version": "v1", | |
| "resource": "routes", | |
| "name": "oauth-openshift" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "namespace": "openshift-authentication", | |
| "verb": "get", | |
| "group": "route.openshift.io", | |
| "version": "v1", | |
| "resource": "routes", | |
| "name": "oauth-openshift" | |
| }, | |
| "user": "system:serviceaccount:openshift-authentication-operator:authentication-operator", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-authentication-operator", | |
| "system:authenticated" | |
| ] | |
| }, | |
| "u": "openshift-apiserver/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/healthz", | |
| "verb": "get" | |
| }, | |
| "user": "system:anonymous", | |
| "groups": [ | |
| "system:unauthenticated" | |
| ] | |
| }, | |
| "u": "package-server/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "cluster-kube-apiserver-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "resourceAttributes": { | |
| "verb": "get", | |
| "group": "image.openshift.io", | |
| "resource": "registry", | |
| "subresource": "metrics" | |
| } | |
| }, | |
| "u": "dockerregistry/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } | |
| { | |
| "w": { | |
| "nonResourceAttributes": { | |
| "path": "/metrics", | |
| "verb": "get" | |
| }, | |
| "user": "system:serviceaccount:openshift-monitoring:prometheus-k8s", | |
| "groups": [ | |
| "system:serviceaccounts", | |
| "system:serviceaccounts:openshift-monitoring", | |
| "system:authenticated" | |
| ], | |
| "uid": "d2827fbd-45ad-421c-8602-ebf50c906d63" | |
| }, | |
| "u": "service-ca-operator/v0.0.0 (linux/amd64) kubernetes/$Format", | |
| "r": "allow" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment