Skip to content

Instantly share code, notes, and snippets.

@jimmycuadra

jimmycuadra/clusterrolebindings.yml

Created February 23, 2017 01:36
Show Gist options
  • Save jimmycuadra/debcb78145d0063534c9e87080b50b8b to your computer and use it in GitHub Desktop.
Save jimmycuadra/debcb78145d0063534c9e87080b50b8b to your computer and use it in GitHub Desktop.
Download ZIP
Default RBAC cluster roles and cluster role bindings built into Kubernetes
Raw
clusterrolebindings.yml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: cluster-admin
namespace: ""
resourceVersion: "35"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingscluster-admin
uid: 8ebbea7e-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: Group
name: system:masters
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:basic-user
namespace: ""
resourceVersion: "37"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Abasic-user
uid: 8ebd7422-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:basic-user
subjects:
- kind: Group
name: system:authenticated
- kind: Group
name: system:unauthenticated
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:controller:replication-controller
namespace: ""
resourceVersion: "40"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Acontroller%3Areplication-controller
uid: 8ebfa72e-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:controller:replication-controller
subjects:
- kind: ServiceAccount
name: replication-controller
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:discovery
namespace: ""
resourceVersion: "36"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Adiscovery
uid: 8ebcc0d1-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:discovery
subjects:
- kind: Group
name: system:authenticated
- kind: Group
name: system:unauthenticated
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:node
namespace: ""
resourceVersion: "38"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Anode
uid: 8ebe2c59-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node
subjects:
- kind: Group
name: system:nodes
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:node-proxier
namespace: ""
resourceVersion: "39"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Anode-proxier
uid: 8ebeecb2-f95b-11e6-b7e3-06719fa7f3e2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node-proxier
subjects:
- kind: Group
name: system:nodes
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""
Raw
clusterroles.yml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: admin
namespace: ""
resourceVersion: "27"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesadmin
uid: 8eaf41a3-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
- pods/attach
- pods/proxy
- pods/exec
- pods/portforward
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- ""
attributeRestrictions: null
resources:
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- services/proxy
- endpoints
- persistentvolumeclaims
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- ""
attributeRestrictions: null
resources:
- limitranges
- resourcequotas
- bindings
- events
- pods/status
- resourcequotas/status
- namespaces/status
- replicationcontrollers/status
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- apps
attributeRestrictions: null
resources:
- statefulsets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- autoscaling
attributeRestrictions: null
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- batch
attributeRestrictions: null
resources:
- jobs
- cronjobs
- scheduledjobs
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- extensions
attributeRestrictions: null
resources:
- jobs
- daemonsets
- horizontalpodautoscalers
- replicationcontrollers/scale
- replicasets
- replicasets/scale
- deployments
- deployments/scale
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- authorization.k8s.io
attributeRestrictions: null
resources:
- localsubjectaccessreviews
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
attributeRestrictions: null
resources:
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: cluster-admin
namespace: ""
resourceVersion: "23"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolescluster-admin
uid: 8ea9f07c-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- '*'
attributeRestrictions: null
resources:
- '*'
verbs:
- '*'
- attributeRestrictions: null
nonResourceURLs:
- '*'
verbs:
- '*'
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: edit
namespace: ""
resourceVersion: "28"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesedit
uid: 8eb0ee95-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
- pods/attach
- pods/proxy
- pods/exec
- pods/portforward
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- ""
attributeRestrictions: null
resources:
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- services/proxy
- endpoints
- persistentvolumeclaims
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- ""
attributeRestrictions: null
resources:
- limitranges
- resourcequotas
- bindings
- events
- pods/status
- resourcequotas/status
- namespaces/status
- replicationcontrollers/status
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- apps
attributeRestrictions: null
resources:
- statefulsets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- autoscaling
attributeRestrictions: null
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- batch
attributeRestrictions: null
resources:
- jobs
- cronjobs
- scheduledjobs
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiGroups:
- extensions
attributeRestrictions: null
resources:
- jobs
- daemonsets
- horizontalpodautoscalers
- replicationcontrollers/scale
- replicasets
- replicasets/scale
- deployments
- deployments/scale
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- deletecollection
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:basic-user
namespace: ""
resourceVersion: "25"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Abasic-user
uid: 8eae32cd-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- authorization.k8s.io
attributeRestrictions: null
resources:
- selfsubjectaccessreviews
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:controller:replication-controller
namespace: ""
resourceVersion: "34"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Acontroller%3Areplication-controller
uid: 8eb94cb5-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- replicationcontrollers
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- replicationcontrollers/status
verbs:
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
verbs:
- list
- watch
- create
- delete
- apiGroups:
- ""
attributeRestrictions: null
resources:
- events
verbs:
- create
- update
- patch
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:discovery
namespace: ""
resourceVersion: "24"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Adiscovery
uid: 8eac7adf-f95b-11e6-b7e3-06719fa7f3e2
rules:
- attributeRestrictions: null
nonResourceURLs:
- /version
- /api
- /api/*
- /apis
- /apis/*
verbs:
- get
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:node
namespace: ""
resourceVersion: "31"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Anode
uid: 8eb5092b-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- authentication.k8s.io
attributeRestrictions: null
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
attributeRestrictions: null
resources:
- subjectaccessreviews
- localsubjectaccessreviews
verbs:
- create
- apiGroups:
- ""
attributeRestrictions: null
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- nodes
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- nodes/status
verbs:
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- events
verbs:
- create
- update
- patch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
verbs:
- get
- create
- delete
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods/status
verbs:
- update
- apiGroups:
- ""
attributeRestrictions: null
resources:
- secrets
- configmaps
verbs:
- get
- apiGroups:
- ""
attributeRestrictions: null
resources:
- persistentvolumeclaims
- persistentvolumes
verbs:
- get
- apiGroups:
- ""
attributeRestrictions: null
resources:
- endpoints
verbs:
- get
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: system:node-proxier
namespace: ""
resourceVersion: "33"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Anode-proxier
uid: 8eb6a508-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- services
- endpoints
verbs:
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
creationTimestamp: 2017-02-23T00:03:51Z
name: view
namespace: ""
resourceVersion: "30"
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesview
uid: 8eb33331-f95b-11e6-b7e3-06719fa7f3e2
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- endpoints
- persistentvolumeclaims
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- limitranges
- resourcequotas
- bindings
- events
- pods/status
- resourcequotas/status
- namespaces/status
- replicationcontrollers/status
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
attributeRestrictions: null
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
attributeRestrictions: null
resources:
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
attributeRestrictions: null
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- batch
attributeRestrictions: null
resources:
- jobs
- cronjobs
- scheduledjobs
verbs:
- get
- list
- watch
- apiGroups:
- extensions
attributeRestrictions: null
resources:
- jobs
- daemonsets
- horizontalpodautoscalers
- replicationcontrollers/scale
- replicasets
- replicasets/scale
- deployments
- deployments/scale
verbs:
- get
- list
- watch
kind: List
metadata: {}
resourceVersion: ""
selfLink: ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment