...
# v1 List wrapping the ClusterRole objects that follow. Every item in this
# file carries the label kubernetes.io/bootstrapping: rbac-defaults and the
# annotation rbac.authorization.kubernetes.io/autoupdate: "true".
# NOTE(review): with autoupdate "true" the API server is documented to
# reconcile default roles at startup, so hand edits that remove permissions
# may be reverted - confirm for the cluster version in use.
apiVersion: v1
items:
# ClusterRole "admin": aggregated role with no rules of its own (rules: null).
# Its selector matches ClusterRoles labelled
# rbac.authorization.k8s.io/aggregate-to-admin: "true"; in this file those are
# "edit" and "system:aggregate-to-admin".
# NOTE(review): the selector matches on the label alone, so any other
# ClusterRole carrying that label would also match. Treat the ability to
# create or label ClusterRoles as able to widen "admin".
- aggregationRule:
    clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-admin: "true"
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: admin
  rules: null
# ClusterRole "cluster-admin": every verb on every resource in every API
# group, plus every verb on every non-resource URL. A subject bound to this
# role through a ClusterRoleBinding has unrestricted API access, so bindings
# to it are the first thing to enumerate in an RBAC audit.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: cluster-admin
  rules:
  # Wildcard group/resource/verb: also covers resource types added later.
  - apiGroups:
    - '*'
    resources:
    - '*'
    verbs:
    - '*'
  # Wildcard over non-resource endpoints.
  - nonResourceURLs:
    - '*'
    verbs:
    - '*'
# ClusterRole "edit": aggregated role with no rules of its own. Its selector
# matches ClusterRoles labelled aggregate-to-edit: "true"; in this file those
# are "system:aggregate-to-edit" and "view". "edit" itself carries the
# aggregate-to-admin label, so whatever it aggregates also matches the
# selector of "admin".
- aggregationRule:
    clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-edit: "true"
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-admin: "true"
    name: edit
  rules: null
# ClusterRole "system:aggregate-to-admin": the rules that "admin" has beyond
# "edit" - creating LocalSubjectAccessReviews and full management of Roles
# and RoleBindings.
# NOTE(review): neither "bind" nor "escalate" is listed, so granting
# permissions the subject does not itself hold depends on the API server's
# RBAC escalation checks, which are not part of this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-admin: "true"
    name: system:aggregate-to-admin
  rules:
  - apiGroups:
    - authorization.k8s.io
    resources:
    - localsubjectaccessreviews
    verbs:
    - create
  # Read and write access to Roles and RoleBindings.
  - apiGroups:
    - rbac.authorization.k8s.io
    resources:
    - rolebindings
    - roles
    verbs:
    - create
    - delete
    - deletecollection
    - get
    - list
    - patch
    - update
    - watch
# ClusterRole "system:aggregate-to-edit": the write-side rules aggregated into
# "edit" (and, through "edit", into "admin").
# Security-relevant grants in this role: read access to secrets, read and
# write access to the pod exec/attach/portforward/proxy subresources,
# "impersonate" on service accounts, and creation of service account tokens.
# Within the scope of a binding, a subject holding "edit" can therefore obtain
# the credentials of any service account there; review what those service
# accounts are allowed to do before handing out "edit".
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
    name: system:aggregate-to-edit
  rules:
  # Read access to secrets and to the interactive pod/service subresources.
  - apiGroups:
    - ""
    resources:
    - pods/attach
    - pods/exec
    - pods/portforward
    - pods/proxy
    - secrets
    - services/proxy
    verbs:
    - get
    - list
    - watch
  # Allows acting as a service account.
  - apiGroups:
    - ""
    resources:
    - serviceaccounts
    verbs:
    - impersonate
  # Write access to pods and their interactive subresources.
  - apiGroups:
    - ""
    resources:
    - pods
    - pods/attach
    - pods/exec
    - pods/portforward
    - pods/proxy
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - ""
    resources:
    - pods/eviction
    verbs:
    - create
  # Write access to core workload objects, including secrets and service
  # accounts.
  - apiGroups:
    - ""
    resources:
    - configmaps
    - events
    - persistentvolumeclaims
    - replicationcontrollers
    - replicationcontrollers/scale
    - secrets
    - serviceaccounts
    - services
    - services/proxy
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  # Token creation for service accounts.
  - apiGroups:
    - ""
    resources:
    - serviceaccounts/token
    verbs:
    - create
  - apiGroups:
    - apps
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - replicasets
    - replicasets/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - ingresses
    - networkpolicies
    - replicasets
    - replicasets/scale
    - replicationcontrollers/scale
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - policy
    resources:
    - poddisruptionbudgets
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  # Includes write access to NetworkPolicies, i.e. to network isolation rules.
  - apiGroups:
    - networking.k8s.io
    resources:
    - ingresses
    - networkpolicies
    verbs:
    - create
    - delete
    - deletecollection
    - patch
    - update
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - delete
    - deletecollection
    - get
    - list
    - patch
    - update
    - watch
# ClusterRole "system:aggregate-to-view": read-only rules (get/list/watch
# only) aggregated into "view". Secrets, Roles and RoleBindings do not appear
# in any resource list here.
# NOTE(review): configmaps and pods/log are readable, so sensitive values
# placed in ConfigMaps or written to container logs are visible to holders of
# "view".
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-view: "true"
    name: system:aggregate-to-view
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    - endpoints
    - persistentvolumeclaims
    - persistentvolumeclaims/status
    - pods
    - replicationcontrollers
    - replicationcontrollers/scale
    - serviceaccounts
    - services
    - services/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - bindings
    - events
    - limitranges
    - namespaces/status
    - pods/log
    - pods/status
    - replicationcontrollers/status
    - resourcequotas
    - resourcequotas/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - discovery.k8s.io
    resources:
    - endpointslices
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    resources:
    - controllerrevisions
    - daemonsets
    - daemonsets/status
    - deployments
    - deployments/scale
    - deployments/status
    - replicasets
    - replicasets/scale
    - replicasets/status
    - statefulsets
    - statefulsets/scale
    - statefulsets/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    - horizontalpodautoscalers/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - cronjobs/status
    - jobs
    - jobs/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - daemonsets/status
    - deployments
    - deployments/scale
    - deployments/status
    - ingresses
    - ingresses/status
    - networkpolicies
    - replicasets
    - replicasets/scale
    - replicasets/status
    - replicationcontrollers/scale
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - policy
    resources:
    - poddisruptionbudgets
    - poddisruptionbudgets/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - networking.k8s.io
    resources:
    - ingresses
    - ingresses/status
    - networkpolicies
    verbs:
    - get
    - list
    - watch
# ClusterRole "system:auth-delegator": allows creating TokenReviews and
# SubjectAccessReviews, i.e. asking the API server to authenticate a token
# and to answer an authorization question about an arbitrary subject.
# NOTE(review): presumably intended for add-on API servers that delegate
# authn/authz; the bindings are not in this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:auth-delegator
  rules:
  - apiGroups:
    - authentication.k8s.io
    resources:
    - tokenreviews
    verbs:
    - create
  - apiGroups:
    - authorization.k8s.io
    resources:
    - subjectaccessreviews
    verbs:
    - create
# ClusterRole "system:basic-user": allows a subject to create the "self"
# review objects only - SelfSubjectAccessReview, SelfSubjectRulesReview and
# SelfSubjectReview. These describe the caller's own identity and permissions.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:basic-user
  rules:
  - apiGroups:
    - authorization.k8s.io
    resources:
    - selfsubjectaccessreviews
    - selfsubjectrulesreviews
    verbs:
    - create
  - apiGroups:
    - authentication.k8s.io
    resources:
    - selfsubjectreviews
    verbs:
    - create
# ClusterRole for the certificatesigningrequests/nodeclient subresource:
# grants "create" on that subresource only.
# NOTE(review): presumably consulted by the CSR auto-approver for node client
# certificates; the approver logic is not visible in this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:certificatesigningrequests:nodeclient
  rules:
  - apiGroups:
    - certificates.k8s.io
    resources:
    - certificatesigningrequests/nodeclient
    verbs:
    - create
# ClusterRole for the certificatesigningrequests/selfnodeclient subresource:
# grants "create" on that subresource only.
# NOTE(review): presumably consulted when a node renews its own client
# certificate; the approver logic is not visible in this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient
  rules:
  - apiGroups:
    - certificates.k8s.io
    resources:
    - certificatesigningrequests/selfnodeclient
    verbs:
    - create
# Approver role for a single signer: "approve" on "signers", limited by
# resourceNames to kubernetes.io/kube-apiserver-client. Approving requests for
# this signer leads to client certificates that authenticate to the API
# server, so bindings to this role deserve the same scrutiny as credential
# issuance.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:kube-apiserver-client-approver
  rules:
  - apiGroups:
    - certificates.k8s.io
    resourceNames:
    - kubernetes.io/kube-apiserver-client
    resources:
    - signers
    verbs:
    - approve
# Approver role for a single signer: "approve" on "signers", limited by
# resourceNames to kubernetes.io/kube-apiserver-client-kubelet (kubelet client
# certificates, going by the signer name).
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:kube-apiserver-client-kubelet-approver
  rules:
  - apiGroups:
    - certificates.k8s.io
    resourceNames:
    - kubernetes.io/kube-apiserver-client-kubelet
    resources:
    - signers
    verbs:
    - approve
# Approver role for a single signer: "approve" on "signers", limited by
# resourceNames to kubernetes.io/kubelet-serving (kubelet serving
# certificates, going by the signer name).
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:kubelet-serving-approver
  rules:
  - apiGroups:
    - certificates.k8s.io
    resourceNames:
    - kubernetes.io/kubelet-serving
    resources:
    - signers
    verbs:
    - approve
# Approver role for a single signer: "approve" on "signers", limited by
# resourceNames to kubernetes.io/legacy-unknown.
# NOTE(review): what this signer's certificates are trusted for is not
# defined in this file - confirm before binding the role.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:certificates.k8s.io:legacy-unknown-approver
  rules:
  - apiGroups:
    - certificates.k8s.io
    resourceNames:
    - kubernetes.io/legacy-unknown
    resources:
    - signers
    verbs:
    - approve
# ClusterRole "system:discovery": GET-only access to the non-resource
# endpoints used for API discovery, OpenAPI documents, health checks and
# version information. No resource rules are granted.
# NOTE(review): which subjects are bound to this role is not shown here. If
# unauthenticated users are bound, the discovery and version data is exposed
# to anyone who can reach the API server.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:discovery
  rules:
  - nonResourceURLs:
    - /api
    - /api/*
    - /apis
    - /apis/*
    - /healthz
    - /livez
    - /openapi
    - /openapi/*
    - /readyz
    - /version
    - /version/
    verbs:
    - get
# ClusterRole "system:heapster": read-only (get/list/watch) access to events,
# namespaces, nodes and pods, plus deployments in the "extensions" group.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:heapster
  rules:
  - apiGroups:
    - ""
    resources:
    - events
    - namespaces
    - nodes
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
# ClusterRole "system:kube-aggregator": read-only (get/list/watch) access to
# endpoints and services.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:kube-aggregator
  rules:
  - apiGroups:
    - ""
    resources:
    - endpoints
    - services
    verbs:
    - get
    - list
    - watch
# ClusterRole "system:kube-controller-manager". Security-relevant grants:
# list/watch on every resource in every API group (which includes secrets),
# create/get/update/delete on secrets, create/get/update on service accounts,
# and creation of service account tokens. Credentials for a subject bound to
# this role should be protected like cluster-wide secret access.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:kube-controller-manager
  rules:
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
  # Any lease may be created; get/update below is limited to one lease name.
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
  - apiGroups:
    - coordination.k8s.io
    resourceNames:
    - kube-controller-manager
    resources:
    - leases
    verbs:
    - get
    - update
  - apiGroups:
    - ""
    resources:
    - secrets
    - serviceaccounts
    verbs:
    - create
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - delete
  - apiGroups:
    - ""
    resources:
    - configmaps
    - namespaces
    - secrets
    - serviceaccounts
    verbs:
    - get
  - apiGroups:
    - ""
    resources:
    - secrets
    - serviceaccounts
    verbs:
    - update
  - apiGroups:
    - authentication.k8s.io
    resources:
    - tokenreviews
    verbs:
    - create
  - apiGroups:
    - authorization.k8s.io
    resources:
    - subjectaccessreviews
    verbs:
    - create
  # Wildcard read: list/watch on all resources, current and future.
  - apiGroups:
    - '*'
    resources:
    - '*'
    verbs:
    - list
    - watch
  # Token creation for service accounts.
  - apiGroups:
    - ""
    resources:
    - serviceaccounts/token
    verbs:
    - create
# ClusterRole "system:kube-dns": list/watch on endpoints and services only
# (no "get", no write verbs).
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:kube-dns
  rules:
  - apiGroups:
    - ""
    resources:
    - endpoints
    - services
    verbs:
    - list
    - watch
# ClusterRole "system:kube-scheduler": mostly read-only access to the objects
# listed below, plus the writes visible in the rules - events, its own lease,
# pod deletion, pod bindings and pod status. Secrets and configmaps do not
# appear in any rule.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:kube-scheduler
  rules:
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
  # Any lease may be created; get/update below is limited to one lease name.
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
  - apiGroups:
    - coordination.k8s.io
    resourceNames:
    - kube-scheduler
    resources:
    - leases
    verbs:
    - get
    - update
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  # Includes "delete" on pods (presumably for preemption - confirm).
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - delete
    - get
    - list
    - watch
  # Binding creation, i.e. assigning pods to nodes.
  - apiGroups:
    - ""
    resources:
    - bindings
    - pods/binding
    verbs:
    - create
  - apiGroups:
    - ""
    resources:
    - pods/status
    verbs:
    - patch
    - update
  - apiGroups:
    - ""
    resources:
    - replicationcontrollers
    - services
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    - extensions
    resources:
    - replicasets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    resources:
    - statefulsets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - policy
    resources:
    - poddisruptionbudgets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - authentication.k8s.io
    resources:
    - tokenreviews
    verbs:
    - create
  - apiGroups:
    - authorization.k8s.io
    resources:
    - subjectaccessreviews
    verbs:
    - create
  - apiGroups:
    - storage.k8s.io
    resources:
    - csinodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - csidrivers
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - csistoragecapacities
    verbs:
    - get
    - list
    - watch
# ClusterRole "system:kubelet-api-admin": read access to nodes, the "proxy"
# verb on nodes, and every verb on the nodes/log, nodes/metrics, nodes/proxy
# and nodes/stats subresources.
# NOTE(review): nodes/proxy reaches the kubelet API through the API server,
# so this role is effectively full kubelet API access on every node. Bind it
# only to components that need that, and audit existing bindings.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:kubelet-api-admin
  rules:
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - proxy
  # Wildcard verbs on the kubelet-facing node subresources.
  - apiGroups:
    - ""
    resources:
    - nodes/log
    - nodes/metrics
    - nodes/proxy
    - nodes/stats
    verbs:
    - '*'
# ClusterRole "system:monitoring": GET-only access to the health endpoints
# (/healthz, /livez, /readyz and their sub-paths) and to /metrics and
# /metrics/slis. No resource rules are granted.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:monitoring
  rules:
  - nonResourceURLs:
    - /healthz
    - /healthz/*
    - /livez
    - /livez/*
    - /metrics
    - /metrics/slis
    - /readyz
    - /readyz/*
    verbs:
    - get
# ClusterRole "system:node": the permissions a kubelet-style node identity
# would need, going by the resources listed.
# NOTE(review): nothing in these rules scopes access to a node's own objects.
# For example, get/list/watch on secrets and configmaps and create on
# serviceaccounts/token are unrestricted as written. Any per-node restriction
# has to come from outside RBAC (e.g. the Node authorizer and NodeRestriction
# admission), so confirm those are enabled before relying on node isolation,
# and avoid binding this role to other subjects.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:node
  rules:
  - apiGroups:
    - authentication.k8s.io
    resources:
    - tokenreviews
    verbs:
    - create
  - apiGroups:
    - authorization.k8s.io
    resources:
    - localsubjectaccessreviews
    - subjectaccessreviews
    verbs:
    - create
  - apiGroups:
    - ""
    resources:
    - services
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - create
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes/status
    verbs:
    - patch
    - update
  # Write access to Node objects; not limited to a particular node name here.
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - patch
    - update
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - create
    - patch
    - update
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - pods/status
    verbs:
    - patch
    - update
  - apiGroups:
    - ""
    resources:
    - pods/eviction
    verbs:
    - create
  # Unscoped read of configmaps and secrets (see the note at the top).
  - apiGroups:
    - ""
    resources:
    - configmaps
    - secrets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    - persistentvolumes
    verbs:
    - get
  - apiGroups:
    - ""
    resources:
    - endpoints
    verbs:
    - get
  - apiGroups:
    - certificates.k8s.io
    resources:
    - certificatesigningrequests
    verbs:
    - create
    - get
    - list
    - watch
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - delete
    - get
    - patch
    - update
  - apiGroups:
    - storage.k8s.io
    resources:
    - volumeattachments
    verbs:
    - get
  # Token creation for service accounts.
  - apiGroups:
    - ""
    resources:
    - serviceaccounts/token
    verbs:
    - create
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims/status
    verbs:
    - get
    - patch
    - update
  - apiGroups:
    - storage.k8s.io
    resources:
    - csidrivers
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - csinodes
    verbs:
    - create
    - delete
    - get
    - patch
    - update
  - apiGroups:
    - node.k8s.io
    resources:
    - runtimeclasses
    verbs:
    - get
    - list
    - watch
# ClusterRole "system:node-bootstrapper": create/get/list/watch on
# CertificateSigningRequests and nothing else. It grants no approve
# permission; approval is covered by the separate "...-approver" roles in
# this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:node-bootstrapper
  rules:
  - apiGroups:
    - certificates.k8s.io
    resources:
    - certificatesigningrequests
    verbs:
    - create
    - get
    - list
    - watch
# ClusterRole "system:node-problem-detector": get on nodes, patch on
# nodes/status, and create/patch/update on events.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:node-problem-detector
  rules:
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
  # Status patch is not limited to a particular node name here.
  - apiGroups:
    - ""
    resources:
    - nodes/status
    verbs:
    - patch
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
# ClusterRole "system:node-proxier": list/watch on endpoints, services and
# endpointslices, get/list/watch on nodes, and event writes. No write access
# to services or endpoints is granted.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:node-proxier
  rules:
  - apiGroups:
    - ""
    resources:
    - endpoints
    - services
    verbs:
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
  - apiGroups:
    - discovery.k8s.io
    resources:
    - endpointslices
    verbs:
    - list
    - watch
# ClusterRole "system:persistent-volume-provisioner": create/delete and read
# access to PersistentVolumes, read and update on PersistentVolumeClaims,
# read on StorageClasses, and event access.
# NOTE(review): PersistentVolumes are cluster-scoped. A subject that can
# create them controls what storage a volume points at, so keep bindings to
# trusted provisioners.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:persistent-volume-provisioner
  rules:
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - create
    - delete
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - update
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - storageclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - watch
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
# ClusterRole "system:public-info-viewer": GET-only access to the health
# endpoints and /version. It is a narrower set than "system:discovery" and
# omits the /api, /apis and /openapi paths.
# NOTE(review): /version discloses the server build. Whether unauthenticated
# users are bound to this role is not shown in this file.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:public-info-viewer
  rules:
  - nonResourceURLs:
    - /healthz
    - /livez
    - /readyz
    - /version
    - /version/
    verbs:
    - get
# ClusterRole "system:service-account-issuer-discovery": GET-only access to
# the OpenID discovery document and the JWKS endpoint. Going by the paths,
# these publish the issuer metadata and public keys that external parties use
# to verify service account tokens.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:service-account-issuer-discovery
  rules:
  - nonResourceURLs:
    - /.well-known/openid-configuration
    - /.well-known/openid-configuration/
    - /openid/v1/jwks
    - /openid/v1/jwks/
    verbs:
    - get
# ClusterRole "system:volume-scheduler": read plus patch/update on
# PersistentVolumes and PersistentVolumeClaims, and read on StorageClasses.
# No create or delete verbs are granted.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:volume-scheduler
  rules:
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - patch
    - update
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - storageclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - patch
    - update
    - watch
# ClusterRole "view": aggregated role with no rules of its own. Its selector
# matches ClusterRoles labelled aggregate-to-view: "true"; in this file that
# is "system:aggregate-to-view". "view" itself carries the aggregate-to-edit
# label, so whatever it aggregates also matches the selector of "edit".
# NOTE(review): a custom ClusterRole given the aggregate-to-view label would
# match the selectors of view and, through the label chain, of edit and
# admin. Review such labels on CRD-related roles.
- aggregationRule:
    clusterRoleSelectors:
    - matchLabels:
        rbac.authorization.k8s.io/aggregate-to-view: "true"
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
    name: view
  rules: null
# Closes the v1 List opened at the top of the file; the list itself carries
# no metadata.
kind: List
metadata: {}