Created
May 5, 2017 08:36
-
-
Save xiaoping378/798c39e0b607be4130db655f4873bd24 to your computer and use it in GitHub Desktop.
workflow rbac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis-builder | |
| namespace: deis | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["secrets"] | |
| verbs: ["create", "update", "delete"] | |
| - apiGroups: [""] | |
| resources: ["pods"] | |
| verbs: ["create", "get", "watch", "list"] | |
| - apiGroups: [""] | |
| resources: ["pods/log"] | |
| verbs: ["get"] | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis-builder | |
| namespace: deis | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: deis-builder | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-builder | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-builder | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["namespaces"] | |
| verbs: ["list"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-builder | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: deis:deis-builder | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-builder | |
| namespace: deis | |
| --- | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-controller | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["namespaces"] | |
| verbs: ["get", "list", "create", "delete"] | |
| - apiGroups: [""] | |
| resources: ["services"] | |
| verbs: ["get", "create", "update"] | |
| - apiGroups: [""] | |
| resources: ["nodes"] | |
| verbs: ["list"] | |
| - apiGroups: [""] | |
| resources: ["events"] | |
| verbs: ["list"] | |
| - apiGroups: [""] | |
| resources: ["secrets"] | |
| verbs: ["list", "get", "create", "update"] | |
| - apiGroups: [""] | |
| resources: ["replicationcontrollers"] | |
| verbs: ["list", "get"] | |
| - apiGroups: [""] | |
| resources: ["pods/log"] | |
| verbs: ["get"] | |
| - apiGroups: [""] | |
| resources: ["pods"] | |
| verbs: ["list", "delete"] | |
| - apiGroups: ["extensions"] | |
| resources: ["replicasets"] | |
| verbs: ["list", "delete", "update"] | |
| - apiGroups: ["extensions", "apps"] | |
| resources: ["deployments"] | |
| verbs: ["get", "list", "create", "update", "delete"] | |
| - apiGroups: ["extensions"] | |
| resources: ["deployments/scale", "replicasets/scale"] | |
| verbs: ["get", "update"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-controller | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: deis:deis-controller | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-controller | |
| namespace: deis | |
| --- | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-logger-fluentd | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["pods"] | |
| verbs: ["list", "get", "watch"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-logger-fluentd | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: deis:deis-logger-fluentd | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-logger-fluentd | |
| namespace: deis | |
| --- | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-router | |
| rules: | |
| - apiGroups: ["extensions", "apps"] | |
| resources: ["deployments"] | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: [""] | |
| resources: ["services"] | |
| verbs: ["get", "list", "watch"] | |
| - apiGroups: [""] | |
| resources: ["secrets"] | |
| verbs: ["get", "list"] | |
| - apiGroups: [""] | |
| resources: ["endpoints"] | |
| verbs: ["get"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis:deis-router | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: deis:deis-router | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-router | |
| namespace: deis | |
| --- | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis-monitor-telegraf | |
| namespace: deis | |
| rules: | |
| - apiGroups: [""] | |
| resources: ["pods"] | |
| verbs: ["get"] | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: deis-monitor-telegraf | |
| namespace: deis | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: deis-monitor-telegraf | |
| subjects: | |
| - kind: ServiceAccount | |
| name: deis-monitor-telegraf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment