
@richm
Created February 26, 2019 23:30
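---
# ClusterRole "cluster-reader" as returned by the API server: the metadata
# below carries server-populated fields, so this is a dump of live state
# rather than a hand-written manifest.
#
# Aggregated role: the control plane fills `rules` with the union of the rules
# of every ClusterRole carrying one of the labels below and overwrites manual
# edits to `rules`. Audit the ClusterRoles carrying these labels: each one
# widens what cluster-reader grants.
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
  - matchLabels:
      rbac.authorization.k8s.io/aggregate-to-view: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    # The API server reconciles roles carrying this annotation at start-up,
    # re-adding default permissions that were removed.
    rbac.authorization.kubernetes.io/autoupdate: "true"
  # creationTimestamp, resourceVersion, selfLink and uid are server-populated;
  # strip them before applying this manifest anywhere else.
  creationTimestamp: "2019-02-26T19:27:26Z"
  name: cluster-reader
  resourceVersion: "118281"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-reader
  uid: 8cc77c91-39fc-11e9-b506-0288ec485cba
# Controller-managed because of aggregationRule above; listed as observed.
# Duplicate or overlapping entries come from the individual source roles.
rules:
# "" is the core API group.
- apiGroups:
  - ""
  resources:
  - componentstatuses
  - nodes
  - nodes/status
  - persistentvolumeclaims/status
  - persistentvolumes
  - persistentvolumes/status
  - pods/binding
  - pods/eviction
  - podtemplates
  - securitycontextconstraints
  - services/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  - validatingwebhookconfigurations
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - controllerrevisions
  - daemonsets/status
  - deployments/status
  - replicasets/status
  - statefulsets/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  - customresourcedefinitions/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apiregistration.k8s.io
  resources:
  - apiservices
  - apiservices/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs/status
  - jobs/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets/status
  - deployments/status
  - horizontalpodautoscalers
  - horizontalpodautoscalers/status
  - ingresses/status
  - jobs
  - jobs/status
  - podsecuritypolicies
  - replicasets/status
  - replicationcontrollers
  - storageclasses
  - thirdpartyresources
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - events.k8s.io
  resources:
  - events
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets/status
  - podsecuritypolicies
  verbs:
  - get
  - list
  - watch
# Read access to every RBAC object exposes the cluster's full permission map
# to whoever is bound to this role.
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterrolebindings
  - clusterroles
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - settings.k8s.io
  resources:
  - podpresets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  - volumeattachments
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - scheduling.k8s.io
  resources:
  - priorityclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests
  - certificatesigningrequests/approval
  - certificatesigningrequests/status
  verbs:
  - get
  - list
  - watch
# From here on, rules that list "" next to an *.openshift.io group also cover
# the same resource names under the core group (presumably OpenShift's legacy
# un-grouped API -- confirm whether it is still served on the target cluster).
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - clusterrolebindings
  - clusterroles
  - rolebindingrestrictions
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - builds/details
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - images
  - imagesignatures
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreams/layers
  verbs:
  - get
- apiGroups:
  - ""
  - oauth.openshift.io
  resources:
  - oauthclientauthorizations
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - project.openshift.io
  resources:
  - projects
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  - project.openshift.io
  resources:
  - projectrequests
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - quota.openshift.io
  resources:
  - clusterresourcequotas
  - clusterresourcequotas/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - network.openshift.io
  resources:
  - clusternetworks
  - egressnetworkpolicies
  - hostsubnets
  - netnamespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - security.openshift.io
  resources:
  - securitycontextconstraints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - security.openshift.io
  resources:
  - rangeallocations
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - template.openshift.io
  resources:
  - brokertemplateinstances
  - templateinstances/status
  verbs:
  - get
  - list
  - watch
# Identity inventory: users, groups and identity mappings are readable.
- apiGroups:
  - ""
  - user.openshift.io
  resources:
  - groups
  - identities
  - useridentitymappings
  - users
  verbs:
  - get
  - list
  - watch
# `create` is how review APIs are invoked. The access-review rules below let
# the bound subject ask what other users and service accounts are allowed to
# do, not only what it may do itself.
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - localresourceaccessreviews
  - localsubjectaccessreviews
  - resourceaccessreviews
  - selfsubjectrulesreviews
  - subjectaccessreviews
  - subjectrulesreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - localsubjectaccessreviews
  - selfsubjectaccessreviews
  - selfsubjectrulesreviews
  - subjectaccessreviews
  verbs:
  - create
# tokenreviews: the subject can submit a bearer token and learn which identity
# it authenticates as.
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - ""
  - security.openshift.io
  resources:
  - podsecuritypolicyreviews
  - podsecuritypolicyselfsubjectreviews
  - podsecuritypolicysubjectreviews
  verbs:
  - create
# Node subresources used when authorising kubelet API requests (metrics, spec,
# stats); `create` on nodes/stats corresponds to POST requests.
- apiGroups:
  - ""
  resources:
  - nodes/metrics
  - nodes/spec
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes/stats
  verbs:
  - create
  - get
# Wildcard: GET on every non-resource URL path the API server exposes,
# including paths added by later versions. Where this rule is authored,
# an explicit list of paths is the least-privilege form.
- nonResourceURLs:
  - '*'
  verbs:
  - get
# NOTE(review): the only resource name here is an empty string, which
# presumably matches no resource in this group -- confirm what the source
# role intended.
- apiGroups:
  - packages.apps.redhat.com
  resources:
  - ""
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - operators.coreos.com
  resources:
  - clusterserviceversions
  - catalogsources
  - installplans
  - subscriptions
  - packagemanifests
  verbs:
  - get
  - list
  - watch
# resourceNames narrows this rule to one named CRD.
- apiGroups:
  - apiextensions.k8s.io
  resourceNames:
  - clusterloggings.logging.openshift.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
- apiGroups:
  - logging.openshift.io
  resources:
  - clusterloggings
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resourceNames:
  - elasticsearches.logging.openshift.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
- apiGroups:
  - logging.openshift.io
  resources:
  - elasticsearches
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreamimages
  - imagestreammappings
  - imagestreams
  - imagestreamtags
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  - project.openshift.io
  resources:
  - projects
  verbs:
  - get
# Namespaced workload objects. `secrets` is not listed in any rule of this
# dump, but configmaps are: credentials stored in ConfigMaps are readable by
# every subject bound to this role.
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - persistentvolumeclaims
  - pods
  - replicationcontrollers
  - replicationcontrollers/scale
  - serviceaccounts
  - services
  verbs:
  - get
  - list
  - watch
# pods/log (and builds/log, deploymentconfigs/log further down) expose
# application output, which may contain sensitive data.
- apiGroups:
  - ""
  resources:
  - bindings
  - events
  - limitranges
  - namespaces/status
  - pods/log
  - pods/status
  - replicationcontrollers/status
  - resourcequotas
  - resourcequotas/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - controllerrevisions
  - daemonsets
  - deployments
  - deployments/scale
  - replicasets
  - replicasets/scale
  - statefulsets
  - statefulsets/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets
  - deployments
  - deployments/scale
  - ingresses
  - networkpolicies
  - replicasets
  - replicasets/scale
  - replicationcontrollers/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildconfigs
  - buildconfigs/webhooks
  - builds
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - builds/log
  verbs:
  - get
  - list
  - watch
# `view` is not a standard API verb; presumably it is evaluated through an
# access review by the Jenkins integration -- confirm.
- apiGroups:
  - build.openshift.io
  resources:
  - jenkins
  verbs:
  - view
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs
  - deploymentconfigs/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs/log
  - deploymentconfigs/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreams/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - quota.openshift.io
  resources:
  - appliedclusterresourcequotas
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - template.openshift.io
  resources:
  - processedtemplates
  - templateconfigs
  - templateinstances
  - templates
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildlogs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - resourcequotausages
  verbs:
  - get
  - list
  - watch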
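---
# Binds the cluster-wide "cluster-reader" ClusterRole to the
# cluster-logging-operator service account. A ClusterRoleBinding applies in
# every namespace, so the operator receives every permission that role holds,
# including whatever is later aggregated into it.
# NOTE(review): if the operator only reads a subset of these objects, a
# dedicated ClusterRole listing just those resources is the least-privilege
# alternative -- confirm what the operator actually needs.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1 replaces the deprecated v1beta1 (no longer
# served from Kubernetes 1.22); the fields used here are the same in both.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-logging-operator-cluster-reader-binding
subjects:
- kind: ServiceAccount
  name: cluster-logging-operator
  namespace: openshift-operators
# roleRef cannot be changed after creation; pointing this binding at a
# narrower role means deleting and recreating it.
roleRef:
  kind: ClusterRole
  name: cluster-reader
  apiGroup: rbac.authorization.k8s.io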