1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: Namespace
17metadata:
18 annotations:
19 cnrm.cloud.google.com/version: 1.106.0
20 labels:
21 cnrm.cloud.google.com/system: "true"
22 name: cnrm-system
23---
24apiVersion: v1
25kind: ServiceAccount
26metadata:
27 annotations:
28 cnrm.cloud.google.com/version: 1.106.0
29 iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com
30 labels:
31 cnrm.cloud.google.com/system: "true"
32 name: cnrm-controller-manager
33 namespace: cnrm-system
34---
35apiVersion: v1
36kind: ServiceAccount
37metadata:
38 annotations:
39 cnrm.cloud.google.com/version: 1.106.0
40 labels:
41 cnrm.cloud.google.com/system: "true"
42 name: cnrm-deletiondefender
43 namespace: cnrm-system
44---
45apiVersion: v1
46kind: ServiceAccount
47metadata:
48 annotations:
49 cnrm.cloud.google.com/version: 1.106.0
50 labels:
51 cnrm.cloud.google.com/system: "true"
52 name: cnrm-resource-stats-recorder
53 namespace: cnrm-system
54---
55apiVersion: v1
56kind: ServiceAccount
57metadata:
58 annotations:
59 cnrm.cloud.google.com/version: 1.106.0
60 labels:
61 cnrm.cloud.google.com/system: "true"
62 name: cnrm-webhook-manager
63 namespace: cnrm-system
64---
65apiVersion: rbac.authorization.k8s.io/v1
66kind: Role
67metadata:
68 annotations:
69 cnrm.cloud.google.com/version: 1.106.0
70 labels:
71 cnrm.cloud.google.com/system: "true"
72 name: cnrm-deletiondefender-cnrm-system-role
73 namespace: cnrm-system
74rules:
75- apiGroups:
76 - ""
77 resources:
78 - secrets
79 verbs:
80 - get
81 - create
82 - update
83 - patch
84 - delete
85---
86apiVersion: rbac.authorization.k8s.io/v1
87kind: Role
88metadata:
89 annotations:
90 cnrm.cloud.google.com/version: 1.106.0
91 labels:
92 cnrm.cloud.google.com/system: "true"
93 name: cnrm-webhook-cnrm-system-role
94 namespace: cnrm-system
95rules:
96- apiGroups:
97 - ""
98 resources:
99 - secrets
100 verbs:
101 - get
102 - create
103 - update
104 - patch
105 - delete
106---
107apiVersion: rbac.authorization.k8s.io/v1
108kind: ClusterRole
109metadata:
110 annotations:
111 cnrm.cloud.google.com/version: 1.106.0
112 creationTimestamp: null
113 labels:
114 cnrm.cloud.google.com/system: "true"
115 rbac.authorization.k8s.io/aggregate-to-admin: "true"
116 rbac.authorization.k8s.io/aggregate-to-edit: "true"
117 name: cnrm-admin
118rules:
119- apiGroups:
120 - accesscontextmanager.cnrm.cloud.google.com
121 resources:
122 - '*'
123 verbs:
124 - get
125 - list
126 - watch
127 - create
128 - update
129 - patch
130 - delete
131- apiGroups:
132 - alloydb.cnrm.cloud.google.com
133 resources:
134 - '*'
135 verbs:
136 - get
137 - list
138 - watch
139 - create
140 - update
141 - patch
142 - delete
143- apiGroups:
144 - apigateway.cnrm.cloud.google.com
145 resources:
146 - '*'
147 verbs:
148 - get
149 - list
150 - watch
151 - create
152 - update
153 - patch
154 - delete
155- apiGroups:
156 - apigee.cnrm.cloud.google.com
157 resources:
158 - '*'
159 verbs:
160 - get
161 - list
162 - watch
163 - create
164 - update
165 - patch
166 - delete
167- apiGroups:
168 - appengine.cnrm.cloud.google.com
169 resources:
170 - '*'
171 verbs:
172 - get
173 - list
174 - watch
175 - create
176 - update
177 - patch
178 - delete
179- apiGroups:
180 - artifactregistry.cnrm.cloud.google.com
181 resources:
182 - '*'
183 verbs:
184 - get
185 - list
186 - watch
187 - create
188 - update
189 - patch
190 - delete
191- apiGroups:
192 - beyondcorp.cnrm.cloud.google.com
193 resources:
194 - '*'
195 verbs:
196 - get
197 - list
198 - watch
199 - create
200 - update
201 - patch
202 - delete
203- apiGroups:
204 - bigquery.cnrm.cloud.google.com
205 resources:
206 - '*'
207 verbs:
208 - get
209 - list
210 - watch
211 - create
212 - update
213 - patch
214 - delete
215- apiGroups:
216 - bigqueryanalyticshub.cnrm.cloud.google.com
217 resources:
218 - '*'
219 verbs:
220 - get
221 - list
222 - watch
223 - create
224 - update
225 - patch
226 - delete
227- apiGroups:
228 - bigqueryconnection.cnrm.cloud.google.com
229 resources:
230 - '*'
231 verbs:
232 - get
233 - list
234 - watch
235 - create
236 - update
237 - patch
238 - delete
239- apiGroups:
240 - bigquerydatapolicy.cnrm.cloud.google.com
241 resources:
242 - '*'
243 verbs:
244 - get
245 - list
246 - watch
247 - create
248 - update
249 - patch
250 - delete
251- apiGroups:
252 - bigquerydatatransfer.cnrm.cloud.google.com
253 resources:
254 - '*'
255 verbs:
256 - get
257 - list
258 - watch
259 - create
260 - update
261 - patch
262 - delete
263- apiGroups:
264 - bigqueryreservation.cnrm.cloud.google.com
265 resources:
266 - '*'
267 verbs:
268 - get
269 - list
270 - watch
271 - create
272 - update
273 - patch
274 - delete
275- apiGroups:
276 - bigtable.cnrm.cloud.google.com
277 resources:
278 - '*'
279 verbs:
280 - get
281 - list
282 - watch
283 - create
284 - update
285 - patch
286 - delete
287- apiGroups:
288 - billingbudgets.cnrm.cloud.google.com
289 resources:
290 - '*'
291 verbs:
292 - get
293 - list
294 - watch
295 - create
296 - update
297 - patch
298 - delete
299- apiGroups:
300 - binaryauthorization.cnrm.cloud.google.com
301 resources:
302 - '*'
303 verbs:
304 - get
305 - list
306 - watch
307 - create
308 - update
309 - patch
310 - delete
311- apiGroups:
312 - certificatemanager.cnrm.cloud.google.com
313 resources:
314 - '*'
315 verbs:
316 - get
317 - list
318 - watch
319 - create
320 - update
321 - patch
322 - delete
323- apiGroups:
324 - cloudasset.cnrm.cloud.google.com
325 resources:
326 - '*'
327 verbs:
328 - get
329 - list
330 - watch
331 - create
332 - update
333 - patch
334 - delete
335- apiGroups:
336 - cloudbuild.cnrm.cloud.google.com
337 resources:
338 - '*'
339 verbs:
340 - get
341 - list
342 - watch
343 - create
344 - update
345 - patch
346 - delete
347- apiGroups:
348 - cloudfunctions.cnrm.cloud.google.com
349 resources:
350 - '*'
351 verbs:
352 - get
353 - list
354 - watch
355 - create
356 - update
357 - patch
358 - delete
359- apiGroups:
360 - cloudfunctions2.cnrm.cloud.google.com
361 resources:
362 - '*'
363 verbs:
364 - get
365 - list
366 - watch
367 - create
368 - update
369 - patch
370 - delete
371- apiGroups:
372 - cloudidentity.cnrm.cloud.google.com
373 resources:
374 - '*'
375 verbs:
376 - get
377 - list
378 - watch
379 - create
380 - update
381 - patch
382 - delete
383- apiGroups:
384 - cloudids.cnrm.cloud.google.com
385 resources:
386 - '*'
387 verbs:
388 - get
389 - list
390 - watch
391 - create
392 - update
393 - patch
394 - delete
395- apiGroups:
396 - cloudiot.cnrm.cloud.google.com
397 resources:
398 - '*'
399 verbs:
400 - get
401 - list
402 - watch
403 - create
404 - update
405 - patch
406 - delete
407- apiGroups:
408 - cloudscheduler.cnrm.cloud.google.com
409 resources:
410 - '*'
411 verbs:
412 - get
413 - list
414 - watch
415 - create
416 - update
417 - patch
418 - delete
419- apiGroups:
420 - cloudtasks.cnrm.cloud.google.com
421 resources:
422 - '*'
423 verbs:
424 - get
425 - list
426 - watch
427 - create
428 - update
429 - patch
430 - delete
431- apiGroups:
432 - compute.cnrm.cloud.google.com
433 resources:
434 - '*'
435 verbs:
436 - get
437 - list
438 - watch
439 - create
440 - update
441 - patch
442 - delete
443- apiGroups:
444 - configcontroller.cnrm.cloud.google.com
445 resources:
446 - '*'
447 verbs:
448 - get
449 - list
450 - watch
451 - create
452 - update
453 - patch
454 - delete
455- apiGroups:
456 - container.cnrm.cloud.google.com
457 resources:
458 - '*'
459 verbs:
460 - get
461 - list
462 - watch
463 - create
464 - update
465 - patch
466 - delete
467- apiGroups:
468 - containeranalysis.cnrm.cloud.google.com
469 resources:
470 - '*'
471 verbs:
472 - get
473 - list
474 - watch
475 - create
476 - update
477 - patch
478 - delete
479- apiGroups:
480 - datacatalog.cnrm.cloud.google.com
481 resources:
482 - '*'
483 verbs:
484 - get
485 - list
486 - watch
487 - create
488 - update
489 - patch
490 - delete
491- apiGroups:
492 - dataflow.cnrm.cloud.google.com
493 resources:
494 - '*'
495 verbs:
496 - get
497 - list
498 - watch
499 - create
500 - update
501 - patch
502 - delete
503- apiGroups:
504 - dataform.cnrm.cloud.google.com
505 resources:
506 - '*'
507 verbs:
508 - get
509 - list
510 - watch
511 - create
512 - update
513 - patch
514 - delete
515- apiGroups:
516 - datafusion.cnrm.cloud.google.com
517 resources:
518 - '*'
519 verbs:
520 - get
521 - list
522 - watch
523 - create
524 - update
525 - patch
526 - delete
527- apiGroups:
528 - dataproc.cnrm.cloud.google.com
529 resources:
530 - '*'
531 verbs:
532 - get
533 - list
534 - watch
535 - create
536 - update
537 - patch
538 - delete
539- apiGroups:
540 - datastore.cnrm.cloud.google.com
541 resources:
542 - '*'
543 verbs:
544 - get
545 - list
546 - watch
547 - create
548 - update
549 - patch
550 - delete
551- apiGroups:
552 - datastream.cnrm.cloud.google.com
553 resources:
554 - '*'
555 verbs:
556 - get
557 - list
558 - watch
559 - create
560 - update
561 - patch
562 - delete
563- apiGroups:
564 - deploymentmanager.cnrm.cloud.google.com
565 resources:
566 - '*'
567 verbs:
568 - get
569 - list
570 - watch
571 - create
572 - update
573 - patch
574 - delete
575- apiGroups:
576 - dialogflow.cnrm.cloud.google.com
577 resources:
578 - '*'
579 verbs:
580 - get
581 - list
582 - watch
583 - create
584 - update
585 - patch
586 - delete
587- apiGroups:
588 - dialogflowcx.cnrm.cloud.google.com
589 resources:
590 - '*'
591 verbs:
592 - get
593 - list
594 - watch
595 - create
596 - update
597 - patch
598 - delete
599- apiGroups:
600 - dlp.cnrm.cloud.google.com
601 resources:
602 - '*'
603 verbs:
604 - get
605 - list
606 - watch
607 - create
608 - update
609 - patch
610 - delete
611- apiGroups:
612 - dns.cnrm.cloud.google.com
613 resources:
614 - '*'
615 verbs:
616 - get
617 - list
618 - watch
619 - create
620 - update
621 - patch
622 - delete
623- apiGroups:
624 - documentai.cnrm.cloud.google.com
625 resources:
626 - '*'
627 verbs:
628 - get
629 - list
630 - watch
631 - create
632 - update
633 - patch
634 - delete
635- apiGroups:
636 - essentialcontacts.cnrm.cloud.google.com
637 resources:
638 - '*'
639 verbs:
640 - get
641 - list
642 - watch
643 - create
644 - update
645 - patch
646 - delete
647- apiGroups:
648 - eventarc.cnrm.cloud.google.com
649 resources:
650 - '*'
651 verbs:
652 - get
653 - list
654 - watch
655 - create
656 - update
657 - patch
658 - delete
659- apiGroups:
660 - filestore.cnrm.cloud.google.com
661 resources:
662 - '*'
663 verbs:
664 - get
665 - list
666 - watch
667 - create
668 - update
669 - patch
670 - delete
671- apiGroups:
672 - firebase.cnrm.cloud.google.com
673 resources:
674 - '*'
675 verbs:
676 - get
677 - list
678 - watch
679 - create
680 - update
681 - patch
682 - delete
683- apiGroups:
684 - firebasedatabase.cnrm.cloud.google.com
685 resources:
686 - '*'
687 verbs:
688 - get
689 - list
690 - watch
691 - create
692 - update
693 - patch
694 - delete
695- apiGroups:
696 - firebasehosting.cnrm.cloud.google.com
697 resources:
698 - '*'
699 verbs:
700 - get
701 - list
702 - watch
703 - create
704 - update
705 - patch
706 - delete
707- apiGroups:
708 - firebasestorage.cnrm.cloud.google.com
709 resources:
710 - '*'
711 verbs:
712 - get
713 - list
714 - watch
715 - create
716 - update
717 - patch
718 - delete
719- apiGroups:
720 - firestore.cnrm.cloud.google.com
721 resources:
722 - '*'
723 verbs:
724 - get
725 - list
726 - watch
727 - create
728 - update
729 - patch
730 - delete
731- apiGroups:
732 - gkebackup.cnrm.cloud.google.com
733 resources:
734 - '*'
735 verbs:
736 - get
737 - list
738 - watch
739 - create
740 - update
741 - patch
742 - delete
743- apiGroups:
744 - gkehub.cnrm.cloud.google.com
745 resources:
746 - '*'
747 verbs:
748 - get
749 - list
750 - watch
751 - create
752 - update
753 - patch
754 - delete
755- apiGroups:
756 - healthcare.cnrm.cloud.google.com
757 resources:
758 - '*'
759 verbs:
760 - get
761 - list
762 - watch
763 - create
764 - update
765 - patch
766 - delete
767- apiGroups:
768 - iam.cnrm.cloud.google.com
769 resources:
770 - '*'
771 verbs:
772 - get
773 - list
774 - watch
775 - create
776 - update
777 - patch
778 - delete
779- apiGroups:
780 - iap.cnrm.cloud.google.com
781 resources:
782 - '*'
783 verbs:
784 - get
785 - list
786 - watch
787 - create
788 - update
789 - patch
790 - delete
791- apiGroups:
792 - identityplatform.cnrm.cloud.google.com
793 resources:
794 - '*'
795 verbs:
796 - get
797 - list
798 - watch
799 - create
800 - update
801 - patch
802 - delete
803- apiGroups:
804 - kms.cnrm.cloud.google.com
805 resources:
806 - '*'
807 verbs:
808 - get
809 - list
810 - watch
811 - create
812 - update
813 - patch
814 - delete
815- apiGroups:
816 - logging.cnrm.cloud.google.com
817 resources:
818 - '*'
819 verbs:
820 - get
821 - list
822 - watch
823 - create
824 - update
825 - patch
826 - delete
827- apiGroups:
828 - memcache.cnrm.cloud.google.com
829 resources:
830 - '*'
831 verbs:
832 - get
833 - list
834 - watch
835 - create
836 - update
837 - patch
838 - delete
839- apiGroups:
840 - mlengine.cnrm.cloud.google.com
841 resources:
842 - '*'
843 verbs:
844 - get
845 - list
846 - watch
847 - create
848 - update
849 - patch
850 - delete
851- apiGroups:
852 - monitoring.cnrm.cloud.google.com
853 resources:
854 - '*'
855 verbs:
856 - get
857 - list
858 - watch
859 - create
860 - update
861 - patch
862 - delete
863- apiGroups:
864 - networkconnectivity.cnrm.cloud.google.com
865 resources:
866 - '*'
867 verbs:
868 - get
869 - list
870 - watch
871 - create
872 - update
873 - patch
874 - delete
875- apiGroups:
876 - networkmanagement.cnrm.cloud.google.com
877 resources:
878 - '*'
879 verbs:
880 - get
881 - list
882 - watch
883 - create
884 - update
885 - patch
886 - delete
887- apiGroups:
888 - networksecurity.cnrm.cloud.google.com
889 resources:
890 - '*'
891 verbs:
892 - get
893 - list
894 - watch
895 - create
896 - update
897 - patch
898 - delete
899- apiGroups:
900 - networkservices.cnrm.cloud.google.com
901 resources:
902 - '*'
903 verbs:
904 - get
905 - list
906 - watch
907 - create
908 - update
909 - patch
910 - delete
911- apiGroups:
912 - notebooks.cnrm.cloud.google.com
913 resources:
914 - '*'
915 verbs:
916 - get
917 - list
918 - watch
919 - create
920 - update
921 - patch
922 - delete
923- apiGroups:
924 - orgpolicy.cnrm.cloud.google.com
925 resources:
926 - '*'
927 verbs:
928 - get
929 - list
930 - watch
931 - create
932 - update
933 - patch
934 - delete
935- apiGroups:
936 - osconfig.cnrm.cloud.google.com
937 resources:
938 - '*'
939 verbs:
940 - get
941 - list
942 - watch
943 - create
944 - update
945 - patch
946 - delete
947- apiGroups:
948 - oslogin.cnrm.cloud.google.com
949 resources:
950 - '*'
951 verbs:
952 - get
953 - list
954 - watch
955 - create
956 - update
957 - patch
958 - delete
959- apiGroups:
960 - privateca.cnrm.cloud.google.com
961 resources:
962 - '*'
963 verbs:
964 - get
965 - list
966 - watch
967 - create
968 - update
969 - patch
970 - delete
971- apiGroups:
972 - pubsub.cnrm.cloud.google.com
973 resources:
974 - '*'
975 verbs:
976 - get
977 - list
978 - watch
979 - create
980 - update
981 - patch
982 - delete
983- apiGroups:
984 - pubsublite.cnrm.cloud.google.com
985 resources:
986 - '*'
987 verbs:
988 - get
989 - list
990 - watch
991 - create
992 - update
993 - patch
994 - delete
995- apiGroups:
996 - recaptchaenterprise.cnrm.cloud.google.com
997 resources:
998 - '*'
999 verbs:
1000 - get
1001 - list
1002 - watch
1003 - create
1004 - update
1005 - patch
1006 - delete
1007- apiGroups:
1008 - redis.cnrm.cloud.google.com
1009 resources:
1010 - '*'
1011 verbs:
1012 - get
1013 - list
1014 - watch
1015 - create
1016 - update
1017 - patch
1018 - delete
1019- apiGroups:
1020 - resourcemanager.cnrm.cloud.google.com
1021 resources:
1022 - '*'
1023 verbs:
1024 - get
1025 - list
1026 - watch
1027 - create
1028 - update
1029 - patch
1030 - delete
1031- apiGroups:
1032 - run.cnrm.cloud.google.com
1033 resources:
1034 - '*'
1035 verbs:
1036 - get
1037 - list
1038 - watch
1039 - create
1040 - update
1041 - patch
1042 - delete
1043- apiGroups:
1044 - secretmanager.cnrm.cloud.google.com
1045 resources:
1046 - '*'
1047 verbs:
1048 - get
1049 - list
1050 - watch
1051 - create
1052 - update
1053 - patch
1054 - delete
1055- apiGroups:
1056 - securitycenter.cnrm.cloud.google.com
1057 resources:
1058 - '*'
1059 verbs:
1060 - get
1061 - list
1062 - watch
1063 - create
1064 - update
1065 - patch
1066 - delete
1067- apiGroups:
1068 - servicedirectory.cnrm.cloud.google.com
1069 resources:
1070 - '*'
1071 verbs:
1072 - get
1073 - list
1074 - watch
1075 - create
1076 - update
1077 - patch
1078 - delete
1079- apiGroups:
1080 - servicenetworking.cnrm.cloud.google.com
1081 resources:
1082 - '*'
1083 verbs:
1084 - get
1085 - list
1086 - watch
1087 - create
1088 - update
1089 - patch
1090 - delete
1091- apiGroups:
1092 - serviceusage.cnrm.cloud.google.com
1093 resources:
1094 - '*'
1095 verbs:
1096 - get
1097 - list
1098 - watch
1099 - create
1100 - update
1101 - patch
1102 - delete
1103- apiGroups:
1104 - sourcerepo.cnrm.cloud.google.com
1105 resources:
1106 - '*'
1107 verbs:
1108 - get
1109 - list
1110 - watch
1111 - create
1112 - update
1113 - patch
1114 - delete
1115- apiGroups:
1116 - spanner.cnrm.cloud.google.com
1117 resources:
1118 - '*'
1119 verbs:
1120 - get
1121 - list
1122 - watch
1123 - create
1124 - update
1125 - patch
1126 - delete
1127- apiGroups:
1128 - sql.cnrm.cloud.google.com
1129 resources:
1130 - '*'
1131 verbs:
1132 - get
1133 - list
1134 - watch
1135 - create
1136 - update
1137 - patch
1138 - delete
1139- apiGroups:
1140 - storage.cnrm.cloud.google.com
1141 resources:
1142 - '*'
1143 verbs:
1144 - get
1145 - list
1146 - watch
1147 - create
1148 - update
1149 - patch
1150 - delete
1151- apiGroups:
1152 - storagetransfer.cnrm.cloud.google.com
1153 resources:
1154 - '*'
1155 verbs:
1156 - get
1157 - list
1158 - watch
1159 - create
1160 - update
1161 - patch
1162 - delete
1163- apiGroups:
1164 - tags.cnrm.cloud.google.com
1165 resources:
1166 - '*'
1167 verbs:
1168 - get
1169 - list
1170 - watch
1171 - create
1172 - update
1173 - patch
1174 - delete
1175- apiGroups:
1176 - tpu.cnrm.cloud.google.com
1177 resources:
1178 - '*'
1179 verbs:
1180 - get
1181 - list
1182 - watch
1183 - create
1184 - update
1185 - patch
1186 - delete
1187- apiGroups:
1188 - vertexai.cnrm.cloud.google.com
1189 resources:
1190 - '*'
1191 verbs:
1192 - get
1193 - list
1194 - watch
1195 - create
1196 - update
1197 - patch
1198 - delete
1199- apiGroups:
1200 - vpcaccess.cnrm.cloud.google.com
1201 resources:
1202 - '*'
1203 verbs:
1204 - get
1205 - list
1206 - watch
1207 - create
1208 - update
1209 - patch
1210 - delete
1211- apiGroups:
1212 - workflows.cnrm.cloud.google.com
1213 resources:
1214 - '*'
1215 verbs:
1216 - get
1217 - list
1218 - watch
1219 - create
1220 - update
1221 - patch
1222 - delete
1223- apiGroups:
1224 - workstations.cnrm.cloud.google.com
1225 resources:
1226 - '*'
1227 verbs:
1228 - get
1229 - list
1230 - watch
1231 - create
1232 - update
1233 - patch
1234 - delete
1235---
1236apiVersion: rbac.authorization.k8s.io/v1
1237kind: ClusterRole
1238metadata:
1239 annotations:
1240 cnrm.cloud.google.com/version: 1.106.0
1241 labels:
1242 cnrm.cloud.google.com/system: "true"
1243 name: cnrm-deletiondefender-role
1244rules:
1245- apiGroups:
1246 - apiextensions.k8s.io
1247 resources:
1248 - customresourcedefinitions
1249 verbs:
1250 - get
1251 - list
1252 - watch
1253- apiGroups:
1254 - ""
1255 resources:
1256 - namespaces
1257 verbs:
1258 - get
1259 - list
1260 - watch
1261- apiGroups:
1262 - admissionregistration.k8s.io
1263 resources:
1264 - validatingwebhookconfigurations
1265 verbs:
1266 - get
1267 - list
1268 - watch
1269 - create
1270 - update
1271 - patch
1272 - delete
1273- apiGroups:
1274 - ""
1275 resources:
1276 - services
1277 verbs:
1278 - get
1279 - list
1280 - watch
1281 - create
1282 - update
1283 - patch
1284 - delete
1285---
1286apiVersion: rbac.authorization.k8s.io/v1
1287kind: ClusterRole
1288metadata:
1289 annotations:
1290 cnrm.cloud.google.com/version: 1.106.0
1291 labels:
1292 cnrm.cloud.google.com/system: "true"
1293 name: cnrm-manager-cluster-role
1294rules:
1295- apiGroups:
1296 - apiextensions.k8s.io
1297 resources:
1298 - customresourcedefinitions
1299 verbs:
1300 - get
1301 - list
1302 - watch
1303- apiGroups:
1304 - ""
1305 resources:
1306 - namespaces
1307 verbs:
1308 - get
1309 - list
1310 - watch
1311- apiGroups:
1312 - admissionregistration.k8s.io
1313 resources:
1314 - validatingwebhookconfigurations
1315 verbs:
1316 - get
1317 - list
1318 - watch
1319 - create
1320 - update
1321 - patch
1322 - delete
1323- apiGroups:
1324 - core.cnrm.cloud.google.com
1325 resources:
1326 - servicemappings
1327 verbs:
1328 - get
1329 - list
1330 - watch
1331- apiGroups:
1332 - core.cnrm.cloud.google.com
1333 resources:
1334 - '*'
1335 verbs:
1336 - get
1337 - list
1338 - watch
1339 - create
1340 - update
1341 - patch
1342 - delete
1343---
1344apiVersion: rbac.authorization.k8s.io/v1
1345kind: ClusterRole
1346metadata:
1347 annotations:
1348 cnrm.cloud.google.com/version: 1.106.0
1349 labels:
1350 cnrm.cloud.google.com/system: "true"
1351 name: cnrm-manager-ns-role
1352rules:
1353- apiGroups:
1354 - ""
1355 resources:
1356 - events
1357 - configmaps
1358 - secrets
1359 - services
1360 verbs:
1361 - get
1362 - list
1363 - watch
1364 - create
1365 - update
1366 - patch
1367 - delete
1368---
1369apiVersion: rbac.authorization.k8s.io/v1
1370kind: ClusterRole
1371metadata:
1372 annotations:
1373 cnrm.cloud.google.com/version: 1.106.0
1374 labels:
1375 cnrm.cloud.google.com/system: "true"
1376 name: cnrm-recorder-role
1377rules:
1378- apiGroups:
1379 - ""
1380 resources:
1381 - namespaces
1382 verbs:
1383 - get
1384 - list
1385 - watch
1386- apiGroups:
1387 - apiextensions.k8s.io
1388 resources:
1389 - customresourcedefinitions
1390 verbs:
1391 - get
1392 - list
1393 - watch
1394 - create
1395 - update
1396 - patch
1397 - delete
1398---
1399apiVersion: rbac.authorization.k8s.io/v1
1400kind: ClusterRole
1401metadata:
1402 annotations:
1403 cnrm.cloud.google.com/version: 1.106.0
1404 creationTimestamp: null
1405 labels:
1406 cnrm.cloud.google.com/system: "true"
1407 rbac.authorization.k8s.io/aggregate-to-view: "true"
1408 name: cnrm-viewer
1409rules:
1410- apiGroups:
1411 - accesscontextmanager.cnrm.cloud.google.com
1412 resources:
1413 - '*'
1414 verbs:
1415 - get
1416 - list
1417 - watch
1418- apiGroups:
1419 - alloydb.cnrm.cloud.google.com
1420 resources:
1421 - '*'
1422 verbs:
1423 - get
1424 - list
1425 - watch
1426- apiGroups:
1427 - apigateway.cnrm.cloud.google.com
1428 resources:
1429 - '*'
1430 verbs:
1431 - get
1432 - list
1433 - watch
1434- apiGroups:
1435 - apigee.cnrm.cloud.google.com
1436 resources:
1437 - '*'
1438 verbs:
1439 - get
1440 - list
1441 - watch
1442- apiGroups:
1443 - appengine.cnrm.cloud.google.com
1444 resources:
1445 - '*'
1446 verbs:
1447 - get
1448 - list
1449 - watch
1450- apiGroups:
1451 - artifactregistry.cnrm.cloud.google.com
1452 resources:
1453 - '*'
1454 verbs:
1455 - get
1456 - list
1457 - watch
1458- apiGroups:
1459 - beyondcorp.cnrm.cloud.google.com
1460 resources:
1461 - '*'
1462 verbs:
1463 - get
1464 - list
1465 - watch
1466- apiGroups:
1467 - bigquery.cnrm.cloud.google.com
1468 resources:
1469 - '*'
1470 verbs:
1471 - get
1472 - list
1473 - watch
1474- apiGroups:
1475 - bigqueryanalyticshub.cnrm.cloud.google.com
1476 resources:
1477 - '*'
1478 verbs:
1479 - get
1480 - list
1481 - watch
1482- apiGroups:
1483 - bigqueryconnection.cnrm.cloud.google.com
1484 resources:
1485 - '*'
1486 verbs:
1487 - get
1488 - list
1489 - watch
1490- apiGroups:
1491 - bigquerydatapolicy.cnrm.cloud.google.com
1492 resources:
1493 - '*'
1494 verbs:
1495 - get
1496 - list
1497 - watch
1498- apiGroups:
1499 - bigquerydatatransfer.cnrm.cloud.google.com
1500 resources:
1501 - '*'
1502 verbs:
1503 - get
1504 - list
1505 - watch
1506- apiGroups:
1507 - bigqueryreservation.cnrm.cloud.google.com
1508 resources:
1509 - '*'
1510 verbs:
1511 - get
1512 - list
1513 - watch
1514- apiGroups:
1515 - bigtable.cnrm.cloud.google.com
1516 resources:
1517 - '*'
1518 verbs:
1519 - get
1520 - list
1521 - watch
1522- apiGroups:
1523 - billingbudgets.cnrm.cloud.google.com
1524 resources:
1525 - '*'
1526 verbs:
1527 - get
1528 - list
1529 - watch
1530- apiGroups:
1531 - binaryauthorization.cnrm.cloud.google.com
1532 resources:
1533 - '*'
1534 verbs:
1535 - get
1536 - list
1537 - watch
1538- apiGroups:
1539 - certificatemanager.cnrm.cloud.google.com
1540 resources:
1541 - '*'
1542 verbs:
1543 - get
1544 - list
1545 - watch
1546- apiGroups:
1547 - cloudasset.cnrm.cloud.google.com
1548 resources:
1549 - '*'
1550 verbs:
1551 - get
1552 - list
1553 - watch
1554- apiGroups:
1555 - cloudbuild.cnrm.cloud.google.com
1556 resources:
1557 - '*'
1558 verbs:
1559 - get
1560 - list
1561 - watch
1562- apiGroups:
1563 - cloudfunctions.cnrm.cloud.google.com
1564 resources:
1565 - '*'
1566 verbs:
1567 - get
1568 - list
1569 - watch
1570- apiGroups:
1571 - cloudfunctions2.cnrm.cloud.google.com
1572 resources:
1573 - '*'
1574 verbs:
1575 - get
1576 - list
1577 - watch
1578- apiGroups:
1579 - cloudidentity.cnrm.cloud.google.com
1580 resources:
1581 - '*'
1582 verbs:
1583 - get
1584 - list
1585 - watch
1586- apiGroups:
1587 - cloudids.cnrm.cloud.google.com
1588 resources:
1589 - '*'
1590 verbs:
1591 - get
1592 - list
1593 - watch
1594- apiGroups:
1595 - cloudiot.cnrm.cloud.google.com
1596 resources:
1597 - '*'
1598 verbs:
1599 - get
1600 - list
1601 - watch
1602- apiGroups:
1603 - cloudscheduler.cnrm.cloud.google.com
1604 resources:
1605 - '*'
1606 verbs:
1607 - get
1608 - list
1609 - watch
1610- apiGroups:
1611 - cloudtasks.cnrm.cloud.google.com
1612 resources:
1613 - '*'
1614 verbs:
1615 - get
1616 - list
1617 - watch
1618- apiGroups:
1619 - compute.cnrm.cloud.google.com
1620 resources:
1621 - '*'
1622 verbs:
1623 - get
1624 - list
1625 - watch
1626- apiGroups:
1627 - configcontroller.cnrm.cloud.google.com
1628 resources:
1629 - '*'
1630 verbs:
1631 - get
1632 - list
1633 - watch
1634- apiGroups:
1635 - container.cnrm.cloud.google.com
1636 resources:
1637 - '*'
1638 verbs:
1639 - get
1640 - list
1641 - watch
1642- apiGroups:
1643 - containeranalysis.cnrm.cloud.google.com
1644 resources:
1645 - '*'
1646 verbs:
1647 - get
1648 - list
1649 - watch
1650- apiGroups:
1651 - datacatalog.cnrm.cloud.google.com
1652 resources:
1653 - '*'
1654 verbs:
1655 - get
1656 - list
1657 - watch
1658- apiGroups:
1659 - dataflow.cnrm.cloud.google.com
1660 resources:
1661 - '*'
1662 verbs:
1663 - get
1664 - list
1665 - watch
1666- apiGroups:
1667 - dataform.cnrm.cloud.google.com
1668 resources:
1669 - '*'
1670 verbs:
1671 - get
1672 - list
1673 - watch
1674- apiGroups:
1675 - datafusion.cnrm.cloud.google.com
1676 resources:
1677 - '*'
1678 verbs:
1679 - get
1680 - list
1681 - watch
1682- apiGroups:
1683 - dataproc.cnrm.cloud.google.com
1684 resources:
1685 - '*'
1686 verbs:
1687 - get
1688 - list
1689 - watch
1690- apiGroups:
1691 - datastore.cnrm.cloud.google.com
1692 resources:
1693 - '*'
1694 verbs:
1695 - get
1696 - list
1697 - watch
1698- apiGroups:
1699 - datastream.cnrm.cloud.google.com
1700 resources:
1701 - '*'
1702 verbs:
1703 - get
1704 - list
1705 - watch
1706- apiGroups:
1707 - deploymentmanager.cnrm.cloud.google.com
1708 resources:
1709 - '*'
1710 verbs:
1711 - get
1712 - list
1713 - watch
1714- apiGroups:
1715 - dialogflow.cnrm.cloud.google.com
1716 resources:
1717 - '*'
1718 verbs:
1719 - get
1720 - list
1721 - watch
1722- apiGroups:
1723 - dialogflowcx.cnrm.cloud.google.com
1724 resources:
1725 - '*'
1726 verbs:
1727 - get
1728 - list
1729 - watch
1730- apiGroups:
1731 - dlp.cnrm.cloud.google.com
1732 resources:
1733 - '*'
1734 verbs:
1735 - get
1736 - list
1737 - watch
1738- apiGroups:
1739 - dns.cnrm.cloud.google.com
1740 resources:
1741 - '*'
1742 verbs:
1743 - get
1744 - list
1745 - watch
1746- apiGroups:
1747 - documentai.cnrm.cloud.google.com
1748 resources:
1749 - '*'
1750 verbs:
1751 - get
1752 - list
1753 - watch
1754- apiGroups:
1755 - essentialcontacts.cnrm.cloud.google.com
1756 resources:
1757 - '*'
1758 verbs:
1759 - get
1760 - list
1761 - watch
1762- apiGroups:
1763 - eventarc.cnrm.cloud.google.com
1764 resources:
1765 - '*'
1766 verbs:
1767 - get
1768 - list
1769 - watch
1770- apiGroups:
1771 - filestore.cnrm.cloud.google.com
1772 resources:
1773 - '*'
1774 verbs:
1775 - get
1776 - list
1777 - watch
1778- apiGroups:
1779 - firebase.cnrm.cloud.google.com
1780 resources:
1781 - '*'
1782 verbs:
1783 - get
1784 - list
1785 - watch
1786- apiGroups:
1787 - firebasedatabase.cnrm.cloud.google.com
1788 resources:
1789 - '*'
1790 verbs:
1791 - get
1792 - list
1793 - watch
1794- apiGroups:
1795 - firebasehosting.cnrm.cloud.google.com
1796 resources:
1797 - '*'
1798 verbs:
1799 - get
1800 - list
1801 - watch
1802- apiGroups:
1803 - firebasestorage.cnrm.cloud.google.com
1804 resources:
1805 - '*'
1806 verbs:
1807 - get
1808 - list
1809 - watch
1810- apiGroups:
1811 - firestore.cnrm.cloud.google.com
1812 resources:
1813 - '*'
1814 verbs:
1815 - get
1816 - list
1817 - watch
1818- apiGroups:
1819 - gkebackup.cnrm.cloud.google.com
1820 resources:
1821 - '*'
1822 verbs:
1823 - get
1824 - list
1825 - watch
1826- apiGroups:
1827 - gkehub.cnrm.cloud.google.com
1828 resources:
1829 - '*'
1830 verbs:
1831 - get
1832 - list
1833 - watch
1834- apiGroups:
1835 - healthcare.cnrm.cloud.google.com
1836 resources:
1837 - '*'
1838 verbs:
1839 - get
1840 - list
1841 - watch
1842- apiGroups:
1843 - iam.cnrm.cloud.google.com
1844 resources:
1845 - '*'
1846 verbs:
1847 - get
1848 - list
1849 - watch
1850- apiGroups:
1851 - iap.cnrm.cloud.google.com
1852 resources:
1853 - '*'
1854 verbs:
1855 - get
1856 - list
1857 - watch
1858- apiGroups:
1859 - identityplatform.cnrm.cloud.google.com
1860 resources:
1861 - '*'
1862 verbs:
1863 - get
1864 - list
1865 - watch
1866- apiGroups:
1867 - kms.cnrm.cloud.google.com
1868 resources:
1869 - '*'
1870 verbs:
1871 - get
1872 - list
1873 - watch
1874- apiGroups:
1875 - logging.cnrm.cloud.google.com
1876 resources:
1877 - '*'
1878 verbs:
1879 - get
1880 - list
1881 - watch
1882- apiGroups:
1883 - memcache.cnrm.cloud.google.com
1884 resources:
1885 - '*'
1886 verbs:
1887 - get
1888 - list
1889 - watch
1890- apiGroups:
1891 - mlengine.cnrm.cloud.google.com
1892 resources:
1893 - '*'
1894 verbs:
1895 - get
1896 - list
1897 - watch
1898- apiGroups:
1899 - monitoring.cnrm.cloud.google.com
1900 resources:
1901 - '*'
1902 verbs:
1903 - get
1904 - list
1905 - watch
1906- apiGroups:
1907 - networkconnectivity.cnrm.cloud.google.com
1908 resources:
1909 - '*'
1910 verbs:
1911 - get
1912 - list
1913 - watch
1914- apiGroups:
1915 - networkmanagement.cnrm.cloud.google.com
1916 resources:
1917 - '*'
1918 verbs:
1919 - get
1920 - list
1921 - watch
1922- apiGroups:
1923 - networksecurity.cnrm.cloud.google.com
1924 resources:
1925 - '*'
1926 verbs:
1927 - get
1928 - list
1929 - watch
1930- apiGroups:
1931 - networkservices.cnrm.cloud.google.com
1932 resources:
1933 - '*'
1934 verbs:
1935 - get
1936 - list
1937 - watch
1938- apiGroups:
1939 - notebooks.cnrm.cloud.google.com
1940 resources:
1941 - '*'
1942 verbs:
1943 - get
1944 - list
1945 - watch
1946- apiGroups:
1947 - orgpolicy.cnrm.cloud.google.com
1948 resources:
1949 - '*'
1950 verbs:
1951 - get
1952 - list
1953 - watch
1954- apiGroups:
1955 - osconfig.cnrm.cloud.google.com
1956 resources:
1957 - '*'
1958 verbs:
1959 - get
1960 - list
1961 - watch
1962- apiGroups:
1963 - oslogin.cnrm.cloud.google.com
1964 resources:
1965 - '*'
1966 verbs:
1967 - get
1968 - list
1969 - watch
1970- apiGroups:
1971 - privateca.cnrm.cloud.google.com
1972 resources:
1973 - '*'
1974 verbs:
1975 - get
1976 - list
1977 - watch
1978- apiGroups:
1979 - pubsub.cnrm.cloud.google.com
1980 resources:
1981 - '*'
1982 verbs:
1983 - get
1984 - list
1985 - watch
1986- apiGroups:
1987 - pubsublite.cnrm.cloud.google.com
1988 resources:
1989 - '*'
1990 verbs:
1991 - get
1992 - list
1993 - watch
1994- apiGroups:
1995 - recaptchaenterprise.cnrm.cloud.google.com
1996 resources:
1997 - '*'
1998 verbs:
1999 - get
2000 - list
2001 - watch
2002- apiGroups:
2003 - redis.cnrm.cloud.google.com
2004 resources:
2005 - '*'
2006 verbs:
2007 - get
2008 - list
2009 - watch
2010- apiGroups:
2011 - resourcemanager.cnrm.cloud.google.com
2012 resources:
2013 - '*'
2014 verbs:
2015 - get
2016 - list
2017 - watch
2018- apiGroups:
2019 - run.cnrm.cloud.google.com
2020 resources:
2021 - '*'
2022 verbs:
2023 - get
2024 - list
2025 - watch
2026- apiGroups:
2027 - secretmanager.cnrm.cloud.google.com
2028 resources:
2029 - '*'
2030 verbs:
2031 - get
2032 - list
2033 - watch
2034- apiGroups:
2035 - securitycenter.cnrm.cloud.google.com
2036 resources:
2037 - '*'
2038 verbs:
2039 - get
2040 - list
2041 - watch
2042- apiGroups:
2043 - servicedirectory.cnrm.cloud.google.com
2044 resources:
2045 - '*'
2046 verbs:
2047 - get
2048 - list
2049 - watch
2050- apiGroups:
2051 - servicenetworking.cnrm.cloud.google.com
2052 resources:
2053 - '*'
2054 verbs:
2055 - get
2056 - list
2057 - watch
2058- apiGroups:
2059 - serviceusage.cnrm.cloud.google.com
2060 resources:
2061 - '*'
2062 verbs:
2063 - get
2064 - list
2065 - watch
2066- apiGroups:
2067 - sourcerepo.cnrm.cloud.google.com
2068 resources:
2069 - '*'
2070 verbs:
2071 - get
2072 - list
2073 - watch
2074- apiGroups:
2075 - spanner.cnrm.cloud.google.com
2076 resources:
2077 - '*'
2078 verbs:
2079 - get
2080 - list
2081 - watch
2082- apiGroups:
2083 - sql.cnrm.cloud.google.com
2084 resources:
2085 - '*'
2086 verbs:
2087 - get
2088 - list
2089 - watch
2090- apiGroups:
2091 - storage.cnrm.cloud.google.com
2092 resources:
2093 - '*'
2094 verbs:
2095 - get
2096 - list
2097 - watch
2098- apiGroups:
2099 - storagetransfer.cnrm.cloud.google.com
2100 resources:
2101 - '*'
2102 verbs:
2103 - get
2104 - list
2105 - watch
2106- apiGroups:
2107 - tags.cnrm.cloud.google.com
2108 resources:
2109 - '*'
2110 verbs:
2111 - get
2112 - list
2113 - watch
2114- apiGroups:
2115 - tpu.cnrm.cloud.google.com
2116 resources:
2117 - '*'
2118 verbs:
2119 - get
2120 - list
2121 - watch
2122- apiGroups:
2123 - vertexai.cnrm.cloud.google.com
2124 resources:
2125 - '*'
2126 verbs:
2127 - get
2128 - list
2129 - watch
2130- apiGroups:
2131 - vpcaccess.cnrm.cloud.google.com
2132 resources:
2133 - '*'
2134 verbs:
2135 - get
2136 - list
2137 - watch
2138- apiGroups:
2139 - workflows.cnrm.cloud.google.com
2140 resources:
2141 - '*'
2142 verbs:
2143 - get
2144 - list
2145 - watch
2146- apiGroups:
2147 - workstations.cnrm.cloud.google.com
2148 resources:
2149 - '*'
2150 verbs:
2151 - get
2152 - list
2153 - watch
2154---
2155apiVersion: rbac.authorization.k8s.io/v1
2156kind: ClusterRole
2157metadata:
2158 annotations:
2159 cnrm.cloud.google.com/version: 1.106.0
2160 labels:
2161 cnrm.cloud.google.com/system: "true"
2162 name: cnrm-webhook-role
2163rules:
2164- apiGroups:
2165 - admissionregistration.k8s.io
2166 resources:
2167 - validatingwebhookconfigurations
2168 - mutatingwebhookconfigurations
2169 verbs:
2170 - get
2171 - list
2172 - watch
2173 - create
2174 - update
2175 - patch
2176 - delete
2177- apiGroups:
2178 - core.cnrm.cloud.google.com
2179 resources:
2180 - servicemappings
2181 verbs:
2182 - get
2183 - list
2184 - watch
2185 - create
2186 - update
2187 - patch
2188 - delete
2189- apiGroups:
2190 - ""
2191 resources:
2192 - services
2193 verbs:
2194 - get
2195 - list
2196 - watch
2197 - create
2198 - update
2199 - patch
2200 - delete
2201- apiGroups:
2202 - apiextensions.k8s.io
2203 resources:
2204 - customresourcedefinitions
2205 verbs:
2206 - get
2207 - list
2208 - watch
2209- apiGroups:
2210 - ""
2211 resources:
2212 - namespaces
2213 verbs:
2214 - get
2215 - list
2216 - watch
2217---
2218apiVersion: rbac.authorization.k8s.io/v1
2219kind: RoleBinding
2220metadata:
2221 annotations:
2222 cnrm.cloud.google.com/version: 1.106.0
2223 labels:
2224 cnrm.cloud.google.com/system: "true"
2225 name: cnrm-deletiondefender-role-binding
2226 namespace: cnrm-system
2227roleRef:
2228 apiGroup: rbac.authorization.k8s.io
2229 kind: Role
2230 name: cnrm-deletiondefender-cnrm-system-role
2231subjects:
2232- kind: ServiceAccount
2233 name: cnrm-deletiondefender
2234 namespace: cnrm-system
2235---
2236apiVersion: rbac.authorization.k8s.io/v1
2237kind: RoleBinding
2238metadata:
2239 annotations:
2240 cnrm.cloud.google.com/version: 1.106.0
2241 labels:
2242 cnrm.cloud.google.com/system: "true"
2243 name: cnrm-webhook-role-binding
2244 namespace: cnrm-system
2245roleRef:
2246 apiGroup: rbac.authorization.k8s.io
2247 kind: Role
2248 name: cnrm-webhook-cnrm-system-role
2249subjects:
2250- kind: ServiceAccount
2251 name: cnrm-webhook-manager
2252 namespace: cnrm-system
2253---
2254apiVersion: rbac.authorization.k8s.io/v1
2255kind: ClusterRoleBinding
2256metadata:
2257 annotations:
2258 cnrm.cloud.google.com/version: 1.106.0
2259 labels:
2260 cnrm.cloud.google.com/system: "true"
2261 name: cnrm-admin-binding
2262roleRef:
2263 apiGroup: rbac.authorization.k8s.io
2264 kind: ClusterRole
2265 name: cnrm-admin
2266subjects:
2267- kind: ServiceAccount
2268 name: cnrm-controller-manager
2269 namespace: cnrm-system
2270- kind: ServiceAccount
2271 name: cnrm-resource-stats-recorder
2272 namespace: cnrm-system
2273- kind: ServiceAccount
2274 name: cnrm-deletiondefender
2275 namespace: cnrm-system
2276---
2277apiVersion: rbac.authorization.k8s.io/v1
2278kind: ClusterRoleBinding
2279metadata:
2280 annotations:
2281 cnrm.cloud.google.com/version: 1.106.0
2282 labels:
2283 cnrm.cloud.google.com/system: "true"
2284 name: cnrm-deletiondefender-binding
2285roleRef:
2286 apiGroup: rbac.authorization.k8s.io
2287 kind: ClusterRole
2288 name: cnrm-deletiondefender-role
2289subjects:
2290- kind: ServiceAccount
2291 name: cnrm-deletiondefender
2292 namespace: cnrm-system
2293---
2294apiVersion: rbac.authorization.k8s.io/v1
2295kind: ClusterRoleBinding
2296metadata:
2297 annotations:
2298 cnrm.cloud.google.com/version: 1.106.0
2299 labels:
2300 cnrm.cloud.google.com/system: "true"
2301 name: cnrm-manager-binding
2302roleRef:
2303 apiGroup: rbac.authorization.k8s.io
2304 kind: ClusterRole
2305 name: cnrm-manager-cluster-role
2306subjects:
2307- kind: ServiceAccount
2308 name: cnrm-controller-manager
2309 namespace: cnrm-system
2310---
2311apiVersion: rbac.authorization.k8s.io/v1
2312kind: ClusterRoleBinding
2313metadata:
2314 annotations:
2315 cnrm.cloud.google.com/version: 1.106.0
2316 labels:
2317 cnrm.cloud.google.com/system: "true"
2318 name: cnrm-manager-watcher-binding
2319roleRef:
2320 apiGroup: rbac.authorization.k8s.io
2321 kind: ClusterRole
2322 name: cnrm-manager-ns-role
2323subjects:
2324- kind: ServiceAccount
2325 name: cnrm-controller-manager
2326 namespace: cnrm-system
2327---
2328apiVersion: rbac.authorization.k8s.io/v1
2329kind: ClusterRoleBinding
2330metadata:
2331 annotations:
2332 cnrm.cloud.google.com/version: 1.106.0
2333 labels:
2334 cnrm.cloud.google.com/system: "true"
2335 name: cnrm-recorder-binding
2336roleRef:
2337 apiGroup: rbac.authorization.k8s.io
2338 kind: ClusterRole
2339 name: cnrm-recorder-role
2340subjects:
2341- kind: ServiceAccount
2342 name: cnrm-resource-stats-recorder
2343 namespace: cnrm-system
2344---
2345apiVersion: rbac.authorization.k8s.io/v1
2346kind: ClusterRoleBinding
2347metadata:
2348 annotations:
2349 cnrm.cloud.google.com/version: 1.106.0
2350 labels:
2351 cnrm.cloud.google.com/system: "true"
2352 name: cnrm-webhook-binding
2353roleRef:
2354 apiGroup: rbac.authorization.k8s.io
2355 kind: ClusterRole
2356 name: cnrm-webhook-role
2357subjects:
2358- kind: ServiceAccount
2359 name: cnrm-webhook-manager
2360 namespace: cnrm-system
2361---
2362apiVersion: v1
2363kind: Service
2364metadata:
2365 annotations:
2366 cnrm.cloud.google.com/version: 1.106.0
2367 labels:
2368 cnrm.cloud.google.com/system: "true"
2369 name: cnrm-deletiondefender
2370 namespace: cnrm-system
2371spec:
2372 ports:
2373 - name: deletiondefender
2374 port: 443
2375 selector:
2376 cnrm.cloud.google.com/component: cnrm-deletiondefender
2377 cnrm.cloud.google.com/system: "true"
2378---
2379apiVersion: v1
2380kind: Service
2381metadata:
2382 annotations:
2383 cnrm.cloud.google.com/version: 1.106.0
2384 prometheus.io/port: "8888"
2385 prometheus.io/scrape: "true"
2386 labels:
2387 cnrm.cloud.google.com/monitored: "true"
2388 cnrm.cloud.google.com/system: "true"
2389 name: cnrm-manager
2390 namespace: cnrm-system
2391spec:
2392 ports:
2393 - name: controller-manager
2394 port: 443
2395 - name: metrics
2396 port: 8888
2397 selector:
2398 cnrm.cloud.google.com/component: cnrm-controller-manager
2399 cnrm.cloud.google.com/system: "true"
2400---
2401apiVersion: v1
2402kind: Service
2403metadata:
2404 annotations:
2405 cnrm.cloud.google.com/version: 1.106.0
2406 prometheus.io/port: "48797"
2407 prometheus.io/scrape: "true"
2408 labels:
2409 cnrm.cloud.google.com/monitored: "true"
2410 cnrm.cloud.google.com/system: "true"
2411 name: cnrm-resource-stats-recorder-service
2412 namespace: cnrm-system
2413spec:
2414 ports:
2415 - name: metrics
2416 port: 8888
2417 targetPort: 48797
2418 selector:
2419 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
2420 cnrm.cloud.google.com/system: "true"
2421---
2422apiVersion: apps/v1
2423kind: Deployment
2424metadata:
2425 annotations:
2426 cnrm.cloud.google.com/version: 1.106.0
2427 labels:
2428 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
2429 cnrm.cloud.google.com/system: "true"
2430 name: cnrm-resource-stats-recorder
2431 namespace: cnrm-system
2432spec:
2433 replicas: 1
2434 revisionHistoryLimit: 1
2435 selector:
2436 matchLabels:
2437 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
2438 cnrm.cloud.google.com/system: "true"
2439 strategy:
2440 type: Recreate
2441 template:
2442 metadata:
2443 annotations:
2444 cnrm.cloud.google.com/version: 1.106.0
2445 labels:
2446 cnrm.cloud.google.com/component: cnrm-resource-stats-recorder
2447 cnrm.cloud.google.com/system: "true"
2448 spec:
2449 containers:
2450 - args:
2451 - --prometheus-scrape-endpoint=:48797
2452 - --metric-interval=60
2453 command:
2454 - /configconnector/recorder
2455 env:
2456 - name: CONFIG_CONNECTOR_VERSION
2457 value: 1.106.0
2458 image: gcr.io/cnrm-eap/recorder:2b4f8d7
2459 imagePullPolicy: Always
2460 name: recorder
2461 ports:
2462 - containerPort: 48797
2463 hostPort: 48797
2464 protocol: TCP
2465 - containerPort: 23232
2466 readinessProbe:
2467 httpGet:
2468 path: /ready
2469 port: 23232
2470 initialDelaySeconds: 7
2471 periodSeconds: 3
2472 resources:
2473 limits:
2474 memory: 64Mi
2475 requests:
2476 cpu: 20m
2477 memory: 64Mi
2478 securityContext:
2479 allowPrivilegeEscalation: false
2480 privileged: false
2481 runAsNonRoot: true
2482 runAsUser: 1000
2483 enableServiceLinks: false
2484 hostNetwork: true
2485 serviceAccountName: cnrm-resource-stats-recorder
2486 terminationGracePeriodSeconds: 10
2487---
2488apiVersion: apps/v1
2489kind: Deployment
2490metadata:
2491 annotations:
2492 cnrm.cloud.google.com/version: 1.106.0
2493 labels:
2494 cnrm.cloud.google.com/component: cnrm-webhook-manager
2495 cnrm.cloud.google.com/system: "true"
2496 name: cnrm-webhook-manager
2497 namespace: cnrm-system
2498spec:
2499 revisionHistoryLimit: 1
2500 selector:
2501 matchLabels:
2502 cnrm.cloud.google.com/component: cnrm-webhook-manager
2503 cnrm.cloud.google.com/system: "true"
2504 template:
2505 metadata:
2506 annotations:
2507 cnrm.cloud.google.com/version: 1.106.0
2508 labels:
2509 cnrm.cloud.google.com/component: cnrm-webhook-manager
2510 cnrm.cloud.google.com/system: "true"
2511 spec:
2512 containers:
2513 - command:
2514 - /configconnector/webhook
2515 env:
2516 - name: NAMESPACE
2517 valueFrom:
2518 fieldRef:
2519 fieldPath: metadata.namespace
2520 image: gcr.io/cnrm-eap/webhook:2b4f8d7
2521 imagePullPolicy: Always
2522 name: webhook
2523 ports:
2524 - containerPort: 23232
2525 readinessProbe:
2526 httpGet:
2527 path: /ready
2528 port: 23232
2529 initialDelaySeconds: 7
2530 periodSeconds: 3
2531 resources:
2532 limits:
2533 memory: 128Mi
2534 requests:
2535 cpu: 250m
2536 memory: 128Mi
2537 securityContext:
2538 allowPrivilegeEscalation: false
2539 privileged: false
2540 runAsNonRoot: true
2541 runAsUser: 1000
2542 enableServiceLinks: false
2543 serviceAccountName: cnrm-webhook-manager
2544 terminationGracePeriodSeconds: 10
2545---
2546apiVersion: apps/v1
2547kind: StatefulSet
2548metadata:
2549 annotations:
2550 cnrm.cloud.google.com/version: 1.106.0
2551 labels:
2552 cnrm.cloud.google.com/component: cnrm-controller-manager
2553 cnrm.cloud.google.com/system: "true"
2554 name: cnrm-controller-manager
2555 namespace: cnrm-system
2556spec:
2557 selector:
2558 matchLabels:
2559 cnrm.cloud.google.com/component: cnrm-controller-manager
2560 cnrm.cloud.google.com/system: "true"
2561 serviceName: cnrm-manager
2562 template:
2563 metadata:
2564 annotations:
2565 cnrm.cloud.google.com/version: 1.106.0
2566 labels:
2567 cnrm.cloud.google.com/component: cnrm-controller-manager
2568 cnrm.cloud.google.com/system: "true"
2569 spec:
2570 containers:
2571 - args:
2572 - --prometheus-scrape-endpoint=:8888
2573 command:
2574 - /configconnector/manager
2575 image: gcr.io/cnrm-eap/controller:2b4f8d7
2576 imagePullPolicy: Always
2577 name: manager
2578 ports:
2579 - containerPort: 23232
2580 readinessProbe:
2581 httpGet:
2582 path: /ready
2583 port: 23232
2584 initialDelaySeconds: 7
2585 periodSeconds: 3
2586 resources:
2587 limits:
2588 memory: 512Mi
2589 requests:
2590 cpu: 100m
2591 memory: 512Mi
2592 securityContext:
2593 allowPrivilegeEscalation: false
2594 privileged: false
2595 runAsNonRoot: true
2596 runAsUser: 1000
2597 enableServiceLinks: false
2598 serviceAccountName: cnrm-controller-manager
2599 terminationGracePeriodSeconds: 10
2600---
2601apiVersion: apps/v1
2602kind: StatefulSet
2603metadata:
2604 annotations:
2605 cnrm.cloud.google.com/version: 1.106.0
2606 labels:
2607 cnrm.cloud.google.com/component: cnrm-deletiondefender
2608 cnrm.cloud.google.com/system: "true"
2609 name: cnrm-deletiondefender
2610 namespace: cnrm-system
2611spec:
2612 selector:
2613 matchLabels:
2614 cnrm.cloud.google.com/component: cnrm-deletiondefender
2615 cnrm.cloud.google.com/system: "true"
2616 serviceName: cnrm-deletiondefender
2617 template:
2618 metadata:
2619 annotations:
2620 cnrm.cloud.google.com/version: 1.106.0
2621 labels:
2622 cnrm.cloud.google.com/component: cnrm-deletiondefender
2623 cnrm.cloud.google.com/system: "true"
2624 spec:
2625 containers:
2626 - command:
2627 - /configconnector/deletiondefender
2628 image: gcr.io/cnrm-eap/deletiondefender:2b4f8d7
2629 imagePullPolicy: Always
2630 name: deletiondefender
2631 ports:
2632 - containerPort: 23232
2633 readinessProbe:
2634 httpGet:
2635 path: /ready
2636 port: 23232
2637 initialDelaySeconds: 7
2638 periodSeconds: 3
2639 resources:
2640 limits:
2641 memory: 1Gi
2642 requests:
2643 cpu: 250m
2644 memory: 1Gi
2645 securityContext:
2646 allowPrivilegeEscalation: false
2647 privileged: false
2648 runAsNonRoot: true
2649 runAsUser: 1000
2650 enableServiceLinks: false
2651 serviceAccountName: cnrm-deletiondefender
2652 terminationGracePeriodSeconds: 10
2653---
2654apiVersion: autoscaling/v1
2655kind: HorizontalPodAutoscaler
2656metadata:
2657 annotations:
2658 autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]'
2659 cnrm.cloud.google.com/version: 1.106.0
2660 labels:
2661 cnrm.cloud.google.com/system: "true"
2662 name: cnrm-webhook
2663 namespace: cnrm-system
2664spec:
2665 maxReplicas: 20
2666 minReplicas: 2
2667 scaleTargetRef:
2668 apiVersion: apps/v1
2669 kind: Deployment
2670 name: cnrm-webhook-manager
2671 targetCPUUtilizationPercentage: 90
View as plain text