Skip to content

Instantly share code, notes, and snippets.

@joatmon08

joatmon08/hello-stateful-rbac.yml

Created October 7, 2018 15:41
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save joatmon08/3ac9f2c34dd342ae4db03d67585ccf7c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save joatmon08/3ac9f2c34dd342ae4db03d67585ccf7c to your computer and use it in GitHub Desktop.
Download ZIP
Hello Stateful Final RBAC
Raw
hello-stateful-rbac.yml
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: hello-stateful-operator
rules:
- apiGroups:
- hello-stateful.example.com
resources:
- "*"
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- events
- configmaps
- persistentvolumeclaims
- secrets
verbs:
- "*"
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- "*"
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- "*"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: default-account-hello-stateful-operator
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: hello-stateful-operator
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: hello-stateful-operator-cluster
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- "get"
- "list"
- "create"
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: default-account-hello-stateful-operator-cluster
subjects:
- kind: Group
name: system:serviceaccounts
roleRef:
kind: ClusterRole
name: hello-stateful-operator-cluster
apiGroup: rbac.authorization.k8s.io
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment