...
# Permissions for the cluster autoscaler, granted cluster-wide.
# A ClusterRole bound through a ClusterRoleBinding applies in every
# namespace, so each rule below reaches all namespaces unless it is
# narrowed with resourceNames.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-autoscaler
  labels:
    # Reconcile mode: the addon manager resets this object to the manifest,
    # so changes made directly in the cluster do not persist.
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  # --- Leader election ---
  # "create" is a separate rule because it cannot be restricted by
  # resourceNames; the holder may create a Lease of any name.
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - "leases"
    verbs:
      - "create"
  # All other verbs are limited to the autoscaler's own Lease.
  - apiGroups:
      - "coordination.k8s.io"
    resources:
      - "leases"
    resourceNames:
      - "cluster-autoscaler"
    verbs:
      - "get"
      - "update"
      - "patch"
      - "delete"

  # --- Reading and modifying cluster state (nodes and pods) ---
  # Write access to every Node object (update/patch); no delete verb.
  - apiGroups:
      - ""
    resources:
      - "nodes"
    verbs:
      - "get"
      - "list"
      - "watch"
      - "update"
      - "patch"
  # Pods are read-only here.
  - apiGroups:
      - ""
    resources:
      - "pods"
    verbs:
      - "get"
      - "list"
      - "watch"
  # Creating an Eviction removes a pod; this rule is not scoped, so it
  # covers pods in all namespaces.
  - apiGroups:
      - ""
    resources:
      - "pods/eviction"
    verbs:
      - "create"

  # --- Read-only view of cluster state ---
  # Secrets are not listed in any rule of this role.
  - apiGroups:
      - ""
    resources:
      - "services"
      - "replicationcontrollers"
      - "persistentvolumes"
      - "persistentvolumeclaims"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "apps"
    resources:
      - "daemonsets"
      - "replicasets"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "apps"
    resources:
      - "statefulsets"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "batch"
    resources:
      - "jobs"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "policy"
    resources:
      - "poddisruptionbudgets"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "storage.k8s.io"
    resources:
      - "storageclasses"
      - "csinodes"
    verbs:
      - "get"
      - "list"
      - "watch"

  # --- Miscellaneous ---
  # Events can be written but not read or deleted.
  - apiGroups:
      - ""
    resources:
      - "events"
    verbs:
      - "create"
      - "update"
      - "patch"
  # As with leases, "create" on ConfigMaps cannot be narrowed by name.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    verbs:
      - "create"
  # Read/write/delete is limited to ConfigMaps named
  # cluster-autoscaler-status.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    resourceNames:
      - "cluster-autoscaler-status"
    verbs:
      - "get"
      - "update"
      - "patch"
      - "delete"
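---
# Grants the cluster-autoscaler ClusterRole, cluster-wide, to the identity
# the autoscaler authenticates as.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-autoscaler
  labels:
    # Reconcile mode: the addon manager resets this object to the manifest,
    # so changes made directly in the cluster do not persist.
    addonmanager.kubernetes.io/mode: Reconcile
subjects:
  # A User subject is matched on the authenticated username alone: any
  # credential that the API server maps to "cluster-autoscaler" receives
  # this role. This is not a ServiceAccount, and users are not namespaced,
  # so no namespace is set on the subject.
  - kind: User
    # Explicit form of the API group that User subjects default to.
    apiGroup: rbac.authorization.k8s.io
    name: cluster-autoscaler
# roleRef cannot be changed after creation; to point the binding at another
# role it has to be deleted and recreated.
roleRef:
  kind: ClusterRole
  name: cluster-autoscaler
  apiGroup: rbac.authorization.k8s.io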