
@rjhowe
Created August 7, 2018 15:24
37policy.json
{
"kind": "Template",
"apiVersion": "v1",
"metadata": {
"creationTimestamp": null
},
"objects": [
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "cluster-admin",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/description": "A super-user that can perform any action in the cluster. When granted to a user within a project, they have full control over quota and membership and can perform every action on every resource in the project.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"*"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
},
{
"verbs": [
"*"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "sudoer",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"impersonate"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"user.openshift.io"
],
"resources": [
"systemusers",
"users"
],
"resourceNames": [
"system:admin"
]
},
{
"verbs": [
"impersonate"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"user.openshift.io"
],
"resources": [
"groups",
"systemgroups"
],
"resourceNames": [
"system:masters"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:scope-impersonation",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"impersonate"
],
"attributeRestrictions": null,
"apiGroups": [
"authentication.k8s.io"
],
"resources": [
"userextras/scopes.authorization.openshift.io"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "cluster-reader",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"bindings",
"componentstatuses",
"configmaps",
"endpoints",
"events",
"limitranges",
"namespaces",
"namespaces/status",
"nodes",
"nodes/status",
"persistentvolumeclaims",
"persistentvolumeclaims/status",
"persistentvolumes",
"persistentvolumes/status",
"pods",
"pods/binding",
"pods/eviction",
"pods/log",
"pods/status",
"podtemplates",
"replicationcontrollers",
"replicationcontrollers/scale",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status",
"securitycontextconstraints",
"serviceaccounts",
"services",
"services/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"controllerrevisions",
"deployments",
"deployments/scale",
"deployments/status",
"statefulsets",
"statefulsets/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apiextensions.k8s.io"
],
"resources": [
"customresourcedefinitions",
"customresourcedefinitions/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apiregistration.k8s.io"
],
"resources": [
"apiservices",
"apiservices/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers",
"horizontalpodautoscalers/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs",
"cronjobs/status",
"jobs",
"jobs/status",
"scheduledjobs",
"scheduledjobs/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets",
"daemonsets/status",
"deployments",
"deployments/scale",
"deployments/status",
"horizontalpodautoscalers",
"horizontalpodautoscalers/status",
"ingresses",
"ingresses/status",
"jobs",
"jobs/status",
"networkpolicies",
"podsecuritypolicies",
"replicasets",
"replicasets/scale",
"replicasets/status",
"replicationcontrollers",
"replicationcontrollers/scale",
"storageclasses",
"thirdpartyresources"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"networking.k8s.io"
],
"resources": [
"networkpolicies"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"policy"
],
"resources": [
"poddisruptionbudgets",
"poddisruptionbudgets/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"rbac.authorization.k8s.io"
],
"resources": [
"clusterrolebindings",
"clusterroles",
"rolebindings",
"roles"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"settings.k8s.io"
],
"resources": [
"podpresets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"storage.k8s.io"
],
"resources": [
"storageclasses"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"certificates.k8s.io"
],
"resources": [
"certificatesigningrequests",
"certificatesigningrequests/approval",
"certificatesigningrequests/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"clusterrolebindings",
"clusterroles",
"rolebindingrestrictions",
"rolebindings",
"roles"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs",
"buildconfigs/webhooks",
"builds",
"builds/details",
"builds/log"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs",
"deploymentconfigs/log",
"deploymentconfigs/scale",
"deploymentconfigs/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images",
"imagesignatures",
"imagestreamimages",
"imagestreams",
"imagestreams/status",
"imagestreamtags"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"oauth.openshift.io"
],
"resources": [
"oauthclientauthorizations"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projectrequests",
"projects"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"quota.openshift.io"
],
"resources": [
"appliedclusterresourcequotas",
"clusterresourcequotas",
"clusterresourcequotas/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes",
"routes/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"clusternetworks",
"egressnetworkpolicies",
"hostsubnets",
"netnamespaces"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"security.openshift.io"
],
"resources": [
"securitycontextconstraints"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"processedtemplates",
"templateconfigs",
"templateinstances",
"templates"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"brokertemplateinstances",
"templateinstances/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"user.openshift.io"
],
"resources": [
"groups",
"identities",
"useridentitymappings",
"users"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"localresourceaccessreviews",
"localsubjectaccessreviews",
"resourceaccessreviews",
"selfsubjectrulesreviews",
"subjectaccessreviews",
"subjectrulesreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"localsubjectaccessreviews",
"selfsubjectaccessreviews",
"subjectaccessreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authentication.k8s.io"
],
"resources": [
"tokenreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"security.openshift.io"
],
"resources": [
"podsecuritypolicyreviews",
"podsecuritypolicyselfsubjectreviews",
"podsecuritypolicysubjectreviews"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/metrics",
"nodes/spec"
]
},
{
"verbs": [
"create",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/stats"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"*"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildlogs"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotausages"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "cluster-debugger",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"/debug/pprof",
"/debug/pprof/*",
"/metrics"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-docker",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/docker",
"builds/optimizeddocker"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-custom",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/custom"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-source",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/source"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-jenkinspipeline",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/jenkinspipeline"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "storage-admin",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"storage.k8s.io"
],
"resources": [
"storageclasses"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events",
"persistentvolumeclaims"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "admin",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "A user that has edit rights within the project and can change the project's membership.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods",
"pods/attach",
"pods/exec",
"pods/portforward",
"pods/proxy"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps",
"endpoints",
"persistentvolumeclaims",
"replicationcontrollers",
"replicationcontrollers/scale",
"secrets",
"serviceaccounts",
"services",
"services/proxy"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"bindings",
"events",
"limitranges",
"namespaces",
"namespaces/status",
"pods/log",
"pods/status",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status"
]
},
{
"verbs": [
"impersonate"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs",
"jobs",
"scheduledjobs"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"deployments",
"deployments/rollback",
"deployments/scale",
"horizontalpodautoscalers",
"networkpolicies",
"replicasets",
"replicasets/scale",
"replicationcontrollers/scale"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"deployments",
"deployments/scale",
"deployments/status",
"statefulsets"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"rolebindings",
"roles"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"rbac.authorization.k8s.io"
],
"resources": [
"rolebindings",
"roles"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"localresourceaccessreviews",
"localsubjectaccessreviews",
"subjectrulesreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"security.openshift.io"
],
"resources": [
"podsecuritypolicyreviews",
"podsecuritypolicyselfsubjectreviews",
"podsecuritypolicysubjectreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"localsubjectaccessreviews"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"rolebindingrestrictions"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs",
"buildconfigs/webhooks",
"builds"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/log"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs/instantiate",
"buildconfigs/instantiatebinary",
"builds/clone"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/details"
]
},
{
"verbs": [
"admin",
"edit",
"view"
],
"attributeRestrictions": null,
"apiGroups": [
"build.openshift.io"
],
"resources": [
"jenkins"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs",
"deploymentconfigs/scale"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigrollbacks",
"deploymentconfigs/instantiate",
"deploymentconfigs/rollback"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/log",
"deploymentconfigs/status"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreams/secrets",
"imagestreamtags"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/status"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimports"
]
},
{
"verbs": [
"delete",
"get",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"quota.openshift.io"
],
"resources": [
"appliedclusterresourcequotas"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/custom-host"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/status"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"processedtemplates",
"templateconfigs",
"templateinstances",
"templates"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildlogs"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotausages"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"resourceaccessreviews",
"subjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "edit",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "A user that can create and edit most objects in a project, but can not update the project's membership.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods",
"pods/attach",
"pods/exec",
"pods/portforward",
"pods/proxy"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps",
"endpoints",
"persistentvolumeclaims",
"replicationcontrollers",
"replicationcontrollers/scale",
"secrets",
"serviceaccounts",
"services",
"services/proxy"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"bindings",
"events",
"limitranges",
"namespaces",
"namespaces/status",
"pods/log",
"pods/status",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status"
]
},
{
"verbs": [
"impersonate"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs",
"jobs",
"scheduledjobs"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"deployments",
"deployments/rollback",
"deployments/scale",
"horizontalpodautoscalers",
"replicasets",
"replicasets/scale",
"replicationcontrollers/scale"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"deployments",
"deployments/scale",
"deployments/status",
"statefulsets"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs",
"buildconfigs/webhooks",
"builds"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/log"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs/instantiate",
"buildconfigs/instantiatebinary",
"builds/clone"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/details"
]
},
{
"verbs": [
"edit",
"view"
],
"attributeRestrictions": null,
"apiGroups": [
"build.openshift.io"
],
"resources": [
"jenkins"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs",
"deploymentconfigs/scale"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigrollbacks",
"deploymentconfigs/instantiate",
"deploymentconfigs/rollback"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/log",
"deploymentconfigs/status"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreams/secrets",
"imagestreamtags"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/status"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimports"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"quota.openshift.io"
],
"resources": [
"appliedclusterresourcequotas"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/custom-host"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/status"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"processedtemplates",
"templateconfigs",
"templateinstances",
"templates"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildlogs"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotausages"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "view",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "A user who can view but not edit any resources within the project. They can not view secrets or membership.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps",
"endpoints",
"persistentvolumeclaims",
"pods",
"replicationcontrollers",
"serviceaccounts",
"services"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"bindings",
"events",
"limitranges",
"namespaces",
"namespaces/status",
"pods/log",
"pods/status",
"replicationcontrollers/status",
"resourcequotas",
"resourcequotas/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs",
"jobs",
"scheduledjobs"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"deployments",
"deployments/scale",
"horizontalpodautoscalers",
"replicasets",
"replicasets/scale"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"deployments",
"deployments/scale",
"statefulsets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs",
"buildconfigs/webhooks",
"builds"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/log"
]
},
{
"verbs": [
"view"
],
"attributeRestrictions": null,
"apiGroups": [
"build.openshift.io"
],
"resources": [
"jenkins"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs",
"deploymentconfigs/scale"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/log",
"deploymentconfigs/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreamtags"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/status"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"quota.openshift.io"
],
"resources": [
"appliedclusterresourcequotas"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"processedtemplates",
"templateconfigs",
"templateinstances",
"templates"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildlogs"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotausages"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "basic-user",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "A user that can get basic information about projects.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"user.openshift.io"
],
"resources": [
"users"
],
"resourceNames": [
"~"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projectrequests"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"clusterroles"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"rbac.authorization.k8s.io"
],
"resources": [
"clusterroles"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"storage.k8s.io"
],
"resources": [
"storageclasses"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"selfsubjectrulesreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"selfsubjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "self-access-reviewer",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"selfsubjectrulesreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"selfsubjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "self-provisioner",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/description": "A user that can request projects.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projectrequests"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "cluster-status",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/description": "A user that can get basic cluster status information.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"/healthz",
"/healthz/*"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"/",
"/.well-known",
"/.well-known/*",
"/api",
"/api/*",
"/apis",
"/apis/*",
"/oapi",
"/oapi/*",
"/osapi",
"/osapi/",
"/swagger-2.0.0.pb-v1",
"/swagger.json",
"/swaggerapi",
"/swaggerapi/*",
"/version",
"/version/*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-auditor",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-puller",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "Grants the right to pull images from within a project.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-pusher",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "Grants the right to push and pull images from within a project.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-builder",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "Grants the right to build, push and pull images from within a project. Used primarily with service accounts for builds.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/details"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-pruner",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods",
"replicationcontrollers"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"limitranges"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs",
"builds"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"deployments"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets"
]
},
{
"verbs": [
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images",
"imagestreams"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/status"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:image-signer",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images",
"imagestreams/layers"
]
},
{
"verbs": [
"create",
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagesignatures"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:deployer",
"creationTimestamp": null,
"annotations": {
"openshift.io/description": "Grants the right to deploy within a project. Used primarily with service accounts for automated deployments.",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"create",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/log"
]
},
{
"verbs": [
"create",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamtags"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:master",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"*"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
},
{
"verbs": [
"*"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:oauth-token-deleter",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"oauth.openshift.io"
],
"resources": [
"oauthaccesstokens",
"oauthauthorizetokens"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:router",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"route.openshift.io"
],
"resources": [
"routes/status"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:registry",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"limitranges",
"resourcequotas"
]
},
{
"verbs": [
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images",
"imagestreamtags"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreams/secrets"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images",
"imagestreams"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreammappings"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node-proxier",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"services"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node-admin",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"proxy"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"*"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/log",
"nodes/metrics",
"nodes/proxy",
"nodes/spec",
"nodes/stats"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node-reader",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/metrics",
"nodes/spec"
]
},
{
"verbs": [
"create",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/stats"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authentication.k8s.io"
],
"resources": [
"tokenreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"localsubjectaccessreviews",
"subjectaccessreviews"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"create",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"delete",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/status"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/eviction"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps",
"secrets"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims",
"persistentvolumes"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints"
]
},
{
"verbs": [
"create",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"certificates.k8s.io"
],
"resources": [
"certificatesigningrequests"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:sdn-reader",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"egressnetworkpolicies",
"hostsubnets",
"netnamespaces"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces",
"nodes"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"networkpolicies"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"clusternetworks"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:sdn-manager",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"hostsubnets",
"netnamespaces"
]
},
{
"verbs": [
"create",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"clusternetworks"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:webhook",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs/webhooks"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:discovery",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"/",
"/.well-known",
"/.well-known/*",
"/api",
"/api/*",
"/apis",
"/apis/*",
"/oapi",
"/oapi/*",
"/osapi",
"/osapi/",
"/swagger-2.0.0.pb-v1",
"/swagger.json",
"/swaggerapi",
"/swaggerapi/*",
"/version",
"/version/*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:persistent-volume-provisioner",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"storage.k8s.io"
],
"resources": [
"storageclasses"
]
},
{
"verbs": [
"create",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "registry-admin",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets",
"serviceaccounts"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreams/secrets",
"imagestreamtags"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimports"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"rolebindings",
"roles"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"localresourceaccessreviews",
"localsubjectaccessreviews",
"subjectrulesreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"localsubjectaccessreviews"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"authorization.openshift.io"
],
"resources": [
"resourceaccessreviews",
"subjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "registry-editor",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets",
"serviceaccounts"
]
},
{
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreams/secrets",
"imagestreamtags"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimports"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "registry-viewer",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreammappings",
"imagestreams",
"imagestreamtags"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"project.openshift.io"
],
"resources": [
"projects"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:templateservicebroker-client",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"put",
"update"
],
"attributeRestrictions": null,
"apiGroups": null,
"resources": [],
"nonResourceURLs": [
"/brokers/template.openshift.io/*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:replication-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:endpoint-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:replicaset-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:garbage-collector-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:job-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:hpa-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:daemonset-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:disruption-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:namespace-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:gc-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:certificate-signing-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:statefulset-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:build-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:deploymentconfig-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:deployment-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": []
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:build-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/finalizers"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/custom",
"builds/docker",
"builds/jenkinspipeline",
"builds/optimizeddocker",
"builds/source"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"security.openshift.io"
],
"resources": [
"podsecuritypolicysubjectreviews"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:build-config-change-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs/instantiate"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:deployer-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:deploymentconfig-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/finalizers"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:template-instance-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"subjectaccessreviews"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"subjectaccessreviews"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"templateinstances/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"templateinstances/finalizers"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:origin-namespace-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces/finalize",
"namespaces/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:serviceaccount-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:serviceaccount-pull-secrets-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:image-trigger-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"buildconfigs/instantiate"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"build.openshift.io"
],
"resources": [
"builds/custom",
"builds/docker",
"builds/jenkinspipeline",
"builds/optimizeddocker",
"builds/source"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:service-serving-cert-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:image-import-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"images"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimports"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:sdn-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"clusternetworks"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"hostsubnets"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"network.openshift.io"
],
"resources": [
"netnamespaces"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:cluster-quota-reconciliation-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"quota.openshift.io"
],
"resources": [
"clusterresourcequotas/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:unidling-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"replicationcontrollers/scale"
]
},
{
"verbs": [
"get",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"get",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments/scale",
"replicasets/scale"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/scale"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:service-ingress-ip-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:pv-recycler-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes/status"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims/status"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:resourcequota-controller",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotas/status"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotas"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:horizontal-pod-autoscaler",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"apps.openshift.io"
],
"resources": [
"deploymentconfigs/scale"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:template-service-broker",
"creationTimestamp": null,
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"subjectaccessreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.openshift.io"
],
"resources": [
"subjectaccessreviews"
]
},
{
"verbs": [
"create",
"delete",
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"brokertemplateinstances"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"brokertemplateinstances/finalizers"
]
},
{
"verbs": [
"assign",
"create",
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"templateinstances"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"template.openshift.io"
],
"resources": [
"templates"
]
},
{
"verbs": [
"create",
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps",
"services"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"routes"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"route.openshift.io"
],
"resources": [
"routes"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:attachdetach-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims",
"persistentvolumes"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:cronjob-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"jobs"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"cronjobs/finalizers"
]
},
{
"verbs": [
"delete",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:daemon-set-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"daemonsets"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"daemonsets/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"daemonsets/finalizers"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"create",
"delete",
"list",
"patch",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/binding"
]
},
{
"verbs": [
"create",
"delete",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"controllerrevisions"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:deployment-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments/finalizers"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:disruption-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"policy"
],
"resources": [
"poddisruptionbudgets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"policy"
],
"resources": [
"poddisruptionbudgets/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:endpoint-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods",
"services"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints/restricted"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:generic-garbage-collector",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:horizontal-pod-autoscaler",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"autoscaling"
],
"resources": [
"horizontalpodautoscalers/status"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers/scale"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicationcontrollers/scale"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps",
"extensions"
],
"resources": [
"deployments/scale",
"replicasets/scale"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"proxy"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
],
"resourceNames": [
"http:heapster:",
"https:heapster:"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services/proxy"
],
"resourceNames": [
"http:heapster:",
"https:heapster:"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:job-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"jobs"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"jobs/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"batch"
],
"resources": [
"jobs/finalizers"
]
},
{
"verbs": [
"create",
"delete",
"list",
"patch",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:namespace-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"namespaces/finalize",
"namespaces/status"
]
},
{
"verbs": [
"delete",
"deletecollection",
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:node-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"list",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/status"
]
},
{
"verbs": [
"delete",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:persistent-volume-binder",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"delete",
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumes/status"
]
},
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims/status"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"storage.k8s.io"
],
"resources": [
"storageclasses"
]
},
{
"verbs": [
"create",
"delete",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"services"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"get",
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:pod-garbage-collector",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"list"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:replicaset-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets/finalizers"
]
},
{
"verbs": [
"create",
"delete",
"list",
"patch",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:replication-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers/finalizers"
]
},
{
"verbs": [
"create",
"delete",
"list",
"patch",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:resourcequota-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"resourcequotas/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:route-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"patch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:service-account-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"serviceaccounts"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:service-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"services/status"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:statefulset-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets/status"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets/finalizers"
]
},
{
"verbs": [
"create",
"delete",
"get",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods"
]
},
{
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"controllerrevisions"
]
},
{
"verbs": [
"create",
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:ttl-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"patch",
"update",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:certificate-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"certificates.k8s.io"
],
"resources": [
"certificatesigningrequests"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
"certificates.k8s.io"
],
"resources": [
"certificatesigningrequests/approval",
"certificatesigningrequests/status"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"subjectaccessreviews"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:basic-user",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"selfsubjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:heapster",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events",
"namespaces",
"nodes",
"pods"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node-problem-detector",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes"
]
},
{
"verbs": [
"patch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes/status"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:node-bootstrapper",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"certificates.k8s.io"
],
"resources": [
"certificatesigningrequests"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:auth-delegator",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authentication.k8s.io"
],
"resources": [
"tokenreviews"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authorization.k8s.io"
],
"resources": [
"subjectaccessreviews"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-aggregator",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"services"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-controller-manager",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"secrets",
"serviceaccounts"
]
},
{
"verbs": [
"delete"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"namespaces",
"secrets",
"serviceaccounts"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"secrets",
"serviceaccounts"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
"authentication.k8s.io"
],
"resources": [
"tokenreviews"
]
},
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"*"
],
"resources": [
"*"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-scheduler",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints"
]
},
{
"verbs": [
"delete",
"get",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints"
],
"resourceNames": [
"kube-scheduler"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"nodes",
"pods"
]
},
{
"verbs": [
"create"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"bindings",
"pods/binding"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"pods/status"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"replicationcontrollers",
"services"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"extensions"
],
"resources": [
"replicasets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"apps"
],
"resources": [
"statefulsets"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"persistentvolumeclaims",
"persistentvolumes"
]
}
]
},
{
"kind": "ClusterRole",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-dns",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"authorization.openshift.io/system-only": "true",
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"endpoints",
"services"
]
}
]
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:masters",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:masters"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:masters"
}
],
"roleRef": {
"name": "system:master"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node-admins",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:master"
],
"groupNames": [
"system:node-admins"
],
"subjects": [
{
"kind": "SystemUser",
"name": "system:master"
},
{
"kind": "SystemGroup",
"name": "system:node-admins"
}
],
"roleRef": {
"name": "system:node-admin"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "cluster-admins",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:admin"
],
"groupNames": [
"system:cluster-admins"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:cluster-admins"
},
{
"kind": "SystemUser",
"name": "system:admin"
}
],
"roleRef": {
"name": "cluster-admin"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "cluster-readers",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:cluster-readers"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:cluster-readers"
}
],
"roleRef": {
"name": "cluster-reader"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "basic-users",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
}
],
"roleRef": {
"name": "basic-user"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "self-access-reviewers",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "self-access-reviewer"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "self-provisioners",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated:oauth"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated:oauth"
}
],
"roleRef": {
"name": "self-provisioner"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:oauth-token-deleters",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:oauth-token-deleter"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "cluster-status-binding",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "cluster-status"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node-proxiers",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:nodes"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:nodes"
}
],
"roleRef": {
"name": "system:node-proxier"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:sdn-readers",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:nodes"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:nodes"
}
],
"roleRef": {
"name": "system:sdn-reader"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:webhooks",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:webhook"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:discovery-binding",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:discovery"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-docker-binding",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
}
],
"roleRef": {
"name": "system:build-strategy-docker"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-source-binding",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
}
],
"roleRef": {
"name": "system:build-strategy-source"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:build-strategy-jenkinspipeline-binding",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
}
],
"roleRef": {
"name": "system:build-strategy-jenkinspipeline"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node-bootstrapper",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:node-bootstrapper"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "node-bootstrapper"
}
],
"roleRef": {
"name": "system:node-bootstrapper"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:scope-impersonation",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:scope-impersonation"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:nodes",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": null,
"subjects": [],
"roleRef": {
"name": "system:node"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:attachdetach-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:attachdetach-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "attachdetach-controller"
}
],
"roleRef": {
"name": "system:controller:attachdetach-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:cronjob-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:cronjob-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "cronjob-controller"
}
],
"roleRef": {
"name": "system:controller:cronjob-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:daemon-set-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:daemon-set-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "daemon-set-controller"
}
],
"roleRef": {
"name": "system:controller:daemon-set-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:deployment-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:deployment-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "deployment-controller"
}
],
"roleRef": {
"name": "system:controller:deployment-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:disruption-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:disruption-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "disruption-controller"
}
],
"roleRef": {
"name": "system:controller:disruption-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:endpoint-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:endpoint-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "endpoint-controller"
}
],
"roleRef": {
"name": "system:controller:endpoint-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:generic-garbage-collector",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:generic-garbage-collector"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "generic-garbage-collector"
}
],
"roleRef": {
"name": "system:controller:generic-garbage-collector"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:horizontal-pod-autoscaler",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:horizontal-pod-autoscaler"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "horizontal-pod-autoscaler"
}
],
"roleRef": {
"name": "system:controller:horizontal-pod-autoscaler"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:job-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:job-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "job-controller"
}
],
"roleRef": {
"name": "system:controller:job-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:namespace-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:namespace-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "namespace-controller"
}
],
"roleRef": {
"name": "system:controller:namespace-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:node-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:node-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "node-controller"
}
],
"roleRef": {
"name": "system:controller:node-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:persistent-volume-binder",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:persistent-volume-binder"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "persistent-volume-binder"
}
],
"roleRef": {
"name": "system:controller:persistent-volume-binder"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:pod-garbage-collector",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:pod-garbage-collector"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "pod-garbage-collector"
}
],
"roleRef": {
"name": "system:controller:pod-garbage-collector"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:replicaset-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:replicaset-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "replicaset-controller"
}
],
"roleRef": {
"name": "system:controller:replicaset-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:replication-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:replication-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "replication-controller"
}
],
"roleRef": {
"name": "system:controller:replication-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:resourcequota-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:resourcequota-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "resourcequota-controller"
}
],
"roleRef": {
"name": "system:controller:resourcequota-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:route-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:route-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "route-controller"
}
],
"roleRef": {
"name": "system:controller:route-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:service-account-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:service-account-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "service-account-controller"
}
],
"roleRef": {
"name": "system:controller:service-account-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:service-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:service-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "service-controller"
}
],
"roleRef": {
"name": "system:controller:service-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:statefulset-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:statefulset-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "statefulset-controller"
}
],
"roleRef": {
"name": "system:controller:statefulset-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:ttl-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:ttl-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "ttl-controller"
}
],
"roleRef": {
"name": "system:controller:ttl-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:certificate-controller",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:certificate-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "certificate-controller"
}
],
"roleRef": {
"name": "system:controller:certificate-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:build-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:build-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "build-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:build-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:build-config-change-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:build-config-change-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "build-config-change-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:build-config-change-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:deployer-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:deployer-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "deployer-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:deployer-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:deploymentconfig-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:deploymentconfig-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "deploymentconfig-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:deploymentconfig-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:template-instance-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:template-instance-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "template-instance-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:template-instance-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "admin",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:template-instance-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "template-instance-controller"
}
],
"roleRef": {
"name": "admin"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:origin-namespace-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:origin-namespace-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "origin-namespace-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:origin-namespace-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:serviceaccount-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:serviceaccount-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "serviceaccount-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:serviceaccount-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:serviceaccount-pull-secrets-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:serviceaccount-pull-secrets-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "serviceaccount-pull-secrets-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:serviceaccount-pull-secrets-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:image-trigger-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:image-trigger-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "image-trigger-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:image-trigger-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:service-serving-cert-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:service-serving-cert-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "service-serving-cert-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:service-serving-cert-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:image-import-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:image-import-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "image-import-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:image-import-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:sdn-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:sdn-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "sdn-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:sdn-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:cluster-quota-reconciliation-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:cluster-quota-reconciliation-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "cluster-quota-reconciliation-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:cluster-quota-reconciliation-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:unidling-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:unidling-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "unidling-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:unidling-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:service-ingress-ip-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:service-ingress-ip-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "service-ingress-ip-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:service-ingress-ip-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:pv-recycler-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:pv-recycler-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "pv-recycler-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:pv-recycler-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:resourcequota-controller",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:resourcequota-controller"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "resourcequota-controller"
}
],
"roleRef": {
"name": "system:openshift:controller:resourcequota-controller"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:horizontal-pod-autoscaler",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:horizontal-pod-autoscaler"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "horizontal-pod-autoscaler"
}
],
"roleRef": {
"name": "system:openshift:controller:horizontal-pod-autoscaler"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:horizontal-pod-autoscaler",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:horizontal-pod-autoscaler"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "horizontal-pod-autoscaler"
}
],
"roleRef": {
"name": "system:controller:horizontal-pod-autoscaler"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:openshift:controller:template-service-broker",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:openshift-infra:template-service-broker"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "openshift-infra",
"name": "template-service-broker"
}
],
"roleRef": {
"name": "system:openshift:controller:template-service-broker"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "cluster-admin",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:masters"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:masters"
}
],
"roleRef": {
"name": "cluster-admin"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:discovery",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:discovery"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:basic-user",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated",
"system:unauthenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
},
{
"kind": "SystemGroup",
"name": "system:unauthenticated"
}
],
"roleRef": {
"name": "system:basic-user"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node-proxier",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:kube-proxy"
],
"groupNames": null,
"subjects": [
{
"kind": "SystemUser",
"name": "system:kube-proxy"
}
],
"roleRef": {
"name": "system:node-proxier"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-controller-manager",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:kube-controller-manager"
],
"groupNames": null,
"subjects": [
{
"kind": "SystemUser",
"name": "system:kube-controller-manager"
}
],
"roleRef": {
"name": "system:kube-controller-manager"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-dns",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:kube-dns"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "kube-dns"
}
],
"roleRef": {
"name": "system:kube-dns"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:kube-scheduler",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:kube-scheduler"
],
"groupNames": null,
"subjects": [
{
"kind": "SystemUser",
"name": "system:kube-scheduler"
}
],
"roleRef": {
"name": "system:kube-scheduler"
}
},
{
"kind": "ClusterRoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": null,
"subjects": [],
"roleRef": {
"name": "system:node"
}
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:bootstrap-signer",
"namespace": "kube-public",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
],
"resourceNames": [
"cluster-info"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "extension-apiserver-authentication-reader",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
],
"resourceNames": [
"extension-apiserver-authentication"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:bootstrap-signer",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:cloud-provider",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"create",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:token-cleaner",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"delete",
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"secrets"
]
},
{
"verbs": [
"create",
"patch",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"events"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system::leader-locking-kube-controller-manager",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
],
"resourceNames": [
"kube-controller-manager"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system::leader-locking-kube-scheduler",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
},
{
"verbs": [
"get",
"update"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
],
"resourceNames": [
"kube-scheduler"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "shared-resource-viewer",
"namespace": "openshift",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"template.openshift.io"
],
"resources": [
"templates"
]
},
{
"verbs": [
"get",
"list",
"watch"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreamimages",
"imagestreams",
"imagestreamtags"
]
},
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
"",
"image.openshift.io"
],
"resources": [
"imagestreams/layers"
]
}
]
},
{
"kind": "Role",
"apiVersion": "v1",
"metadata": {
"name": "system:node-config-reader",
"namespace": "openshift-node",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"rules": [
{
"verbs": [
"get"
],
"attributeRestrictions": null,
"apiGroups": [
""
],
"resources": [
"configmaps"
]
}
]
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:bootstrap-signer",
"namespace": "kube-public",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:bootstrap-signer"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "bootstrap-signer"
}
],
"roleRef": {
"namespace": "kube-public",
"name": "system:controller:bootstrap-signer"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system::leader-locking-kube-controller-manager",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:kube-controller-manager"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "kube-controller-manager"
}
],
"roleRef": {
"namespace": "kube-system",
"name": "system::leader-locking-kube-controller-manager"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system::leader-locking-kube-scheduler",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:kube-scheduler"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "kube-scheduler"
}
],
"roleRef": {
"namespace": "kube-system",
"name": "system::leader-locking-kube-scheduler"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:bootstrap-signer",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:bootstrap-signer"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "bootstrap-signer"
}
],
"roleRef": {
"namespace": "kube-system",
"name": "system:controller:bootstrap-signer"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:cloud-provider",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:cloud-provider"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "cloud-provider"
}
],
"roleRef": {
"namespace": "kube-system",
"name": "system:controller:cloud-provider"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:controller:token-cleaner",
"namespace": "kube-system",
"creationTimestamp": null,
"labels": {
"kubernetes.io/bootstrapping": "rbac-defaults"
},
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": [
"system:serviceaccount:kube-system:token-cleaner"
],
"groupNames": null,
"subjects": [
{
"kind": "ServiceAccount",
"namespace": "kube-system",
"name": "token-cleaner"
}
],
"roleRef": {
"namespace": "kube-system",
"name": "system:controller:token-cleaner"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "shared-resource-viewers",
"namespace": "openshift",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:authenticated"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:authenticated"
}
],
"roleRef": {
"namespace": "openshift",
"name": "shared-resource-viewer"
}
},
{
"kind": "RoleBinding",
"apiVersion": "v1",
"metadata": {
"name": "system:node-config-reader",
"namespace": "openshift-node",
"creationTimestamp": null,
"annotations": {
"openshift.io/reconcile-protect": "false"
}
},
"userNames": null,
"groupNames": [
"system:nodes"
],
"subjects": [
{
"kind": "SystemGroup",
"name": "system:nodes"
}
],
"roleRef": {
"namespace": "openshift-node",
"name": "system:node-config-reader"
}
}
]
}