1apiVersion: v1
2items:
3- apiVersion: rbac.authorization.k8s.io/v1
4 kind: ClusterRole
5 metadata:
6 annotations:
7 rbac.authorization.kubernetes.io/autoupdate: "true"
8 creationTimestamp: null
9 labels:
10 kubernetes.io/bootstrapping: rbac-defaults
11 name: system:controller:attachdetach-controller
12 rules:
13 - apiGroups:
14 - ""
15 resources:
16 - persistentvolumeclaims
17 - persistentvolumes
18 verbs:
19 - list
20 - watch
21 - apiGroups:
22 - ""
23 resources:
24 - nodes
25 verbs:
26 - get
27 - list
28 - watch
29 - apiGroups:
30 - ""
31 resources:
32 - nodes/status
33 verbs:
34 - patch
35 - update
36 - apiGroups:
37 - ""
38 resources:
39 - pods
40 verbs:
41 - list
42 - watch
43 - apiGroups:
44 - ""
45 - events.k8s.io
46 resources:
47 - events
48 verbs:
49 - create
50 - patch
51 - update
52 - apiGroups:
53 - storage.k8s.io
54 resources:
55 - volumeattachments
56 verbs:
57 - create
58 - delete
59 - get
60 - list
61 - watch
62 - apiGroups:
63 - storage.k8s.io
64 resources:
65 - csidrivers
66 verbs:
67 - get
68 - list
69 - watch
70 - apiGroups:
71 - storage.k8s.io
72 resources:
73 - csinodes
74 verbs:
75 - get
76 - list
77 - watch
78- apiVersion: rbac.authorization.k8s.io/v1
79 kind: ClusterRole
80 metadata:
81 annotations:
82 rbac.authorization.kubernetes.io/autoupdate: "true"
83 creationTimestamp: null
84 labels:
85 kubernetes.io/bootstrapping: rbac-defaults
86 name: system:controller:certificate-controller
87 rules:
88 - apiGroups:
89 - certificates.k8s.io
90 resources:
91 - certificatesigningrequests
92 verbs:
93 - delete
94 - get
95 - list
96 - watch
97 - apiGroups:
98 - certificates.k8s.io
99 resources:
100 - certificatesigningrequests/approval
101 - certificatesigningrequests/status
102 verbs:
103 - update
104 - apiGroups:
105 - certificates.k8s.io
106 resourceNames:
107 - kubernetes.io/kube-apiserver-client-kubelet
108 resources:
109 - signers
110 verbs:
111 - approve
112 - apiGroups:
113 - certificates.k8s.io
114 resourceNames:
115 - kubernetes.io/kube-apiserver-client
116 - kubernetes.io/kube-apiserver-client-kubelet
117 - kubernetes.io/kubelet-serving
118 - kubernetes.io/legacy-unknown
119 resources:
120 - signers
121 verbs:
122 - sign
123 - apiGroups:
124 - authorization.k8s.io
125 resources:
126 - subjectaccessreviews
127 verbs:
128 - create
129 - apiGroups:
130 - ""
131 - events.k8s.io
132 resources:
133 - events
134 verbs:
135 - create
136 - patch
137 - update
138- apiVersion: rbac.authorization.k8s.io/v1
139 kind: ClusterRole
140 metadata:
141 annotations:
142 rbac.authorization.kubernetes.io/autoupdate: "true"
143 creationTimestamp: null
144 labels:
145 kubernetes.io/bootstrapping: rbac-defaults
146 name: system:controller:clusterrole-aggregation-controller
147 rules:
148 - apiGroups:
149 - rbac.authorization.k8s.io
150 resources:
151 - clusterroles
152 verbs:
153 - escalate
154 - get
155 - list
156 - patch
157 - update
158 - watch
159- apiVersion: rbac.authorization.k8s.io/v1
160 kind: ClusterRole
161 metadata:
162 annotations:
163 rbac.authorization.kubernetes.io/autoupdate: "true"
164 creationTimestamp: null
165 labels:
166 kubernetes.io/bootstrapping: rbac-defaults
167 name: system:controller:cronjob-controller
168 rules:
169 - apiGroups:
170 - batch
171 resources:
172 - cronjobs
173 verbs:
174 - get
175 - list
176 - update
177 - watch
178 - apiGroups:
179 - batch
180 resources:
181 - jobs
182 verbs:
183 - create
184 - delete
185 - get
186 - list
187 - patch
188 - update
189 - watch
190 - apiGroups:
191 - batch
192 resources:
193 - cronjobs/status
194 verbs:
195 - update
196 - apiGroups:
197 - batch
198 resources:
199 - cronjobs/finalizers
200 verbs:
201 - update
202 - apiGroups:
203 - ""
204 resources:
205 - pods
206 verbs:
207 - delete
208 - list
209 - apiGroups:
210 - ""
211 - events.k8s.io
212 resources:
213 - events
214 verbs:
215 - create
216 - patch
217 - update
218- apiVersion: rbac.authorization.k8s.io/v1
219 kind: ClusterRole
220 metadata:
221 annotations:
222 rbac.authorization.kubernetes.io/autoupdate: "true"
223 creationTimestamp: null
224 labels:
225 kubernetes.io/bootstrapping: rbac-defaults
226 name: system:controller:daemon-set-controller
227 rules:
228 - apiGroups:
229 - apps
230 - extensions
231 resources:
232 - daemonsets
233 verbs:
234 - get
235 - list
236 - watch
237 - apiGroups:
238 - apps
239 - extensions
240 resources:
241 - daemonsets/status
242 verbs:
243 - update
244 - apiGroups:
245 - apps
246 - extensions
247 resources:
248 - daemonsets/finalizers
249 verbs:
250 - update
251 - apiGroups:
252 - ""
253 resources:
254 - nodes
255 verbs:
256 - list
257 - watch
258 - apiGroups:
259 - ""
260 resources:
261 - pods
262 verbs:
263 - create
264 - delete
265 - list
266 - patch
267 - watch
268 - apiGroups:
269 - ""
270 resources:
271 - pods/binding
272 verbs:
273 - create
274 - apiGroups:
275 - apps
276 resources:
277 - controllerrevisions
278 verbs:
279 - create
280 - delete
281 - get
282 - list
283 - patch
284 - update
285 - watch
286 - apiGroups:
287 - ""
288 - events.k8s.io
289 resources:
290 - events
291 verbs:
292 - create
293 - patch
294 - update
295- apiVersion: rbac.authorization.k8s.io/v1
296 kind: ClusterRole
297 metadata:
298 annotations:
299 rbac.authorization.kubernetes.io/autoupdate: "true"
300 creationTimestamp: null
301 labels:
302 kubernetes.io/bootstrapping: rbac-defaults
303 name: system:controller:deployment-controller
304 rules:
305 - apiGroups:
306 - apps
307 - extensions
308 resources:
309 - deployments
310 verbs:
311 - get
312 - list
313 - update
314 - watch
315 - apiGroups:
316 - apps
317 - extensions
318 resources:
319 - deployments/status
320 verbs:
321 - update
322 - apiGroups:
323 - apps
324 - extensions
325 resources:
326 - deployments/finalizers
327 verbs:
328 - update
329 - apiGroups:
330 - apps
331 - extensions
332 resources:
333 - replicasets
334 verbs:
335 - create
336 - delete
337 - get
338 - list
339 - patch
340 - update
341 - watch
342 - apiGroups:
343 - ""
344 resources:
345 - pods
346 verbs:
347 - get
348 - list
349 - update
350 - watch
351 - apiGroups:
352 - ""
353 - events.k8s.io
354 resources:
355 - events
356 verbs:
357 - create
358 - patch
359 - update
360- apiVersion: rbac.authorization.k8s.io/v1
361 kind: ClusterRole
362 metadata:
363 annotations:
364 rbac.authorization.kubernetes.io/autoupdate: "true"
365 creationTimestamp: null
366 labels:
367 kubernetes.io/bootstrapping: rbac-defaults
368 name: system:controller:disruption-controller
369 rules:
370 - apiGroups:
371 - apps
372 - extensions
373 resources:
374 - deployments
375 verbs:
376 - get
377 - list
378 - watch
379 - apiGroups:
380 - apps
381 - extensions
382 resources:
383 - replicasets
384 verbs:
385 - get
386 - list
387 - watch
388 - apiGroups:
389 - ""
390 resources:
391 - replicationcontrollers
392 verbs:
393 - get
394 - list
395 - watch
396 - apiGroups:
397 - policy
398 resources:
399 - poddisruptionbudgets
400 verbs:
401 - get
402 - list
403 - watch
404 - apiGroups:
405 - apps
406 resources:
407 - statefulsets
408 verbs:
409 - get
410 - list
411 - watch
412 - apiGroups:
413 - policy
414 resources:
415 - poddisruptionbudgets/status
416 verbs:
417 - update
418 - apiGroups:
419 - '*'
420 resources:
421 - '*/scale'
422 verbs:
423 - get
424 - apiGroups:
425 - ""
426 - events.k8s.io
427 resources:
428 - events
429 verbs:
430 - create
431 - patch
432 - update
433 - apiGroups:
434 - ""
435 resources:
436 - pods/status
437 verbs:
438 - patch
439 - update
440- apiVersion: rbac.authorization.k8s.io/v1
441 kind: ClusterRole
442 metadata:
443 annotations:
444 rbac.authorization.kubernetes.io/autoupdate: "true"
445 creationTimestamp: null
446 labels:
447 kubernetes.io/bootstrapping: rbac-defaults
448 name: system:controller:endpoint-controller
449 rules:
450 - apiGroups:
451 - ""
452 resources:
453 - pods
454 - services
455 verbs:
456 - get
457 - list
458 - watch
459 - apiGroups:
460 - ""
461 resources:
462 - endpoints
463 verbs:
464 - create
465 - delete
466 - get
467 - list
468 - update
469 - apiGroups:
470 - ""
471 resources:
472 - endpoints/restricted
473 verbs:
474 - create
475 - apiGroups:
476 - ""
477 - events.k8s.io
478 resources:
479 - events
480 verbs:
481 - create
482 - patch
483 - update
484- apiVersion: rbac.authorization.k8s.io/v1
485 kind: ClusterRole
486 metadata:
487 annotations:
488 rbac.authorization.kubernetes.io/autoupdate: "true"
489 creationTimestamp: null
490 labels:
491 kubernetes.io/bootstrapping: rbac-defaults
492 name: system:controller:endpointslice-controller
493 rules:
494 - apiGroups:
495 - ""
496 resources:
497 - nodes
498 - pods
499 - services
500 verbs:
501 - get
502 - list
503 - watch
504 - apiGroups:
505 - ""
506 resources:
507 - services/finalizers
508 verbs:
509 - update
510 - apiGroups:
511 - discovery.k8s.io
512 resources:
513 - endpointslices
514 verbs:
515 - create
516 - delete
517 - get
518 - list
519 - update
520 - apiGroups:
521 - ""
522 - events.k8s.io
523 resources:
524 - events
525 verbs:
526 - create
527 - patch
528 - update
529- apiVersion: rbac.authorization.k8s.io/v1
530 kind: ClusterRole
531 metadata:
532 annotations:
533 rbac.authorization.kubernetes.io/autoupdate: "true"
534 creationTimestamp: null
535 labels:
536 kubernetes.io/bootstrapping: rbac-defaults
537 name: system:controller:endpointslicemirroring-controller
538 rules:
539 - apiGroups:
540 - ""
541 resources:
542 - endpoints
543 - services
544 verbs:
545 - get
546 - list
547 - watch
548 - apiGroups:
549 - ""
550 resources:
551 - services/finalizers
552 verbs:
553 - update
554 - apiGroups:
555 - ""
556 resources:
557 - endpoints/finalizers
558 verbs:
559 - update
560 - apiGroups:
561 - discovery.k8s.io
562 resources:
563 - endpointslices
564 verbs:
565 - create
566 - delete
567 - get
568 - list
569 - update
570 - apiGroups:
571 - ""
572 - events.k8s.io
573 resources:
574 - events
575 verbs:
576 - create
577 - patch
578 - update
579- apiVersion: rbac.authorization.k8s.io/v1
580 kind: ClusterRole
581 metadata:
582 annotations:
583 rbac.authorization.kubernetes.io/autoupdate: "true"
584 creationTimestamp: null
585 labels:
586 kubernetes.io/bootstrapping: rbac-defaults
587 name: system:controller:ephemeral-volume-controller
588 rules:
589 - apiGroups:
590 - ""
591 resources:
592 - pods
593 verbs:
594 - get
595 - list
596 - watch
597 - apiGroups:
598 - ""
599 resources:
600 - pods/finalizers
601 verbs:
602 - update
603 - apiGroups:
604 - ""
605 resources:
606 - persistentvolumeclaims
607 verbs:
608 - create
609 - get
610 - list
611 - watch
612 - apiGroups:
613 - ""
614 - events.k8s.io
615 resources:
616 - events
617 verbs:
618 - create
619 - patch
620 - update
621- apiVersion: rbac.authorization.k8s.io/v1
622 kind: ClusterRole
623 metadata:
624 annotations:
625 rbac.authorization.kubernetes.io/autoupdate: "true"
626 creationTimestamp: null
627 labels:
628 kubernetes.io/bootstrapping: rbac-defaults
629 name: system:controller:expand-controller
630 rules:
631 - apiGroups:
632 - ""
633 resources:
634 - persistentvolumes
635 verbs:
636 - get
637 - list
638 - patch
639 - update
640 - watch
641 - apiGroups:
642 - ""
643 resources:
644 - persistentvolumeclaims/status
645 verbs:
646 - patch
647 - update
648 - apiGroups:
649 - ""
650 resources:
651 - persistentvolumeclaims
652 verbs:
653 - get
654 - list
655 - watch
656 - apiGroups:
657 - storage.k8s.io
658 resources:
659 - storageclasses
660 verbs:
661 - get
662 - list
663 - watch
664 - apiGroups:
665 - ""
666 resources:
667 - endpoints
668 - services
669 verbs:
670 - get
671 - apiGroups:
672 - ""
673 resources:
674 - secrets
675 verbs:
676 - get
677 - apiGroups:
678 - ""
679 - events.k8s.io
680 resources:
681 - events
682 verbs:
683 - create
684 - patch
685 - update
686- apiVersion: rbac.authorization.k8s.io/v1
687 kind: ClusterRole
688 metadata:
689 annotations:
690 rbac.authorization.kubernetes.io/autoupdate: "true"
691 creationTimestamp: null
692 labels:
693 kubernetes.io/bootstrapping: rbac-defaults
694 name: system:controller:generic-garbage-collector
695 rules:
696 - apiGroups:
697 - '*'
698 resources:
699 - '*'
700 verbs:
701 - delete
702 - get
703 - list
704 - patch
705 - update
706 - watch
707 - apiGroups:
708 - ""
709 - events.k8s.io
710 resources:
711 - events
712 verbs:
713 - create
714 - patch
715 - update
716- apiVersion: rbac.authorization.k8s.io/v1
717 kind: ClusterRole
718 metadata:
719 annotations:
720 rbac.authorization.kubernetes.io/autoupdate: "true"
721 creationTimestamp: null
722 labels:
723 kubernetes.io/bootstrapping: rbac-defaults
724 name: system:controller:horizontal-pod-autoscaler
725 rules:
726 - apiGroups:
727 - autoscaling
728 resources:
729 - horizontalpodautoscalers
730 verbs:
731 - get
732 - list
733 - watch
734 - apiGroups:
735 - autoscaling
736 resources:
737 - horizontalpodautoscalers/status
738 verbs:
739 - update
740 - apiGroups:
741 - '*'
742 resources:
743 - '*/scale'
744 verbs:
745 - get
746 - update
747 - apiGroups:
748 - ""
749 resources:
750 - pods
751 verbs:
752 - list
753 - apiGroups:
754 - metrics.k8s.io
755 resources:
756 - pods
757 verbs:
758 - list
759 - apiGroups:
760 - custom.metrics.k8s.io
761 resources:
762 - '*'
763 verbs:
764 - get
765 - list
766 - apiGroups:
767 - external.metrics.k8s.io
768 resources:
769 - '*'
770 verbs:
771 - get
772 - list
773 - apiGroups:
774 - ""
775 - events.k8s.io
776 resources:
777 - events
778 verbs:
779 - create
780 - patch
781 - update
782- apiVersion: rbac.authorization.k8s.io/v1
783 kind: ClusterRole
784 metadata:
785 annotations:
786 rbac.authorization.kubernetes.io/autoupdate: "true"
787 creationTimestamp: null
788 labels:
789 kubernetes.io/bootstrapping: rbac-defaults
790 name: system:controller:job-controller
791 rules:
792 - apiGroups:
793 - batch
794 resources:
795 - jobs
796 verbs:
797 - get
798 - list
799 - patch
800 - update
801 - watch
802 - apiGroups:
803 - batch
804 resources:
805 - jobs/status
806 verbs:
807 - update
808 - apiGroups:
809 - batch
810 resources:
811 - jobs/finalizers
812 verbs:
813 - update
814 - apiGroups:
815 - ""
816 resources:
817 - pods
818 verbs:
819 - create
820 - delete
821 - list
822 - patch
823 - watch
824 - apiGroups:
825 - ""
826 - events.k8s.io
827 resources:
828 - events
829 verbs:
830 - create
831 - patch
832 - update
833- apiVersion: rbac.authorization.k8s.io/v1
834 kind: ClusterRole
835 metadata:
836 annotations:
837 rbac.authorization.kubernetes.io/autoupdate: "true"
838 creationTimestamp: null
839 labels:
840 kubernetes.io/bootstrapping: rbac-defaults
841 name: system:controller:legacy-service-account-token-cleaner
842 rules:
843 - apiGroups:
844 - ""
845 resourceNames:
846 - kube-apiserver-legacy-service-account-token-tracking
847 resources:
848 - configmaps
849 verbs:
850 - get
851 - apiGroups:
852 - ""
853 resources:
854 - secrets
855 verbs:
856 - delete
857 - patch
858- apiVersion: rbac.authorization.k8s.io/v1
859 kind: ClusterRole
860 metadata:
861 annotations:
862 rbac.authorization.kubernetes.io/autoupdate: "true"
863 creationTimestamp: null
864 labels:
865 kubernetes.io/bootstrapping: rbac-defaults
866 name: system:controller:namespace-controller
867 rules:
868 - apiGroups:
869 - ""
870 resources:
871 - namespaces
872 verbs:
873 - delete
874 - get
875 - list
876 - watch
877 - apiGroups:
878 - ""
879 resources:
880 - namespaces/finalize
881 - namespaces/status
882 verbs:
883 - update
884 - apiGroups:
885 - '*'
886 resources:
887 - '*'
888 verbs:
889 - delete
890 - deletecollection
891 - get
892 - list
893- apiVersion: rbac.authorization.k8s.io/v1
894 kind: ClusterRole
895 metadata:
896 annotations:
897 rbac.authorization.kubernetes.io/autoupdate: "true"
898 creationTimestamp: null
899 labels:
900 kubernetes.io/bootstrapping: rbac-defaults
901 name: system:controller:node-controller
902 rules:
903 - apiGroups:
904 - ""
905 resources:
906 - nodes
907 verbs:
908 - delete
909 - get
910 - list
911 - patch
912 - update
913 - apiGroups:
914 - ""
915 resources:
916 - nodes/status
917 verbs:
918 - patch
919 - update
920 - apiGroups:
921 - ""
922 resources:
923 - pods/status
924 verbs:
925 - patch
926 - update
927 - apiGroups:
928 - ""
929 resources:
930 - pods
931 verbs:
932 - delete
933 - list
934 - apiGroups:
935 - ""
936 - events.k8s.io
937 resources:
938 - events
939 verbs:
940 - create
941 - patch
942 - update
943 - apiGroups:
944 - ""
945 resources:
946 - pods
947 verbs:
948 - get
949- apiVersion: rbac.authorization.k8s.io/v1
950 kind: ClusterRole
951 metadata:
952 annotations:
953 rbac.authorization.kubernetes.io/autoupdate: "true"
954 creationTimestamp: null
955 labels:
956 kubernetes.io/bootstrapping: rbac-defaults
957 name: system:controller:persistent-volume-binder
958 rules:
959 - apiGroups:
960 - ""
961 resources:
962 - persistentvolumes
963 verbs:
964 - create
965 - delete
966 - get
967 - list
968 - update
969 - watch
970 - apiGroups:
971 - ""
972 resources:
973 - persistentvolumes/status
974 verbs:
975 - update
976 - apiGroups:
977 - ""
978 resources:
979 - persistentvolumeclaims
980 verbs:
981 - get
982 - list
983 - update
984 - watch
985 - apiGroups:
986 - ""
987 resources:
988 - persistentvolumeclaims/status
989 verbs:
990 - update
991 - apiGroups:
992 - ""
993 resources:
994 - pods
995 verbs:
996 - create
997 - delete
998 - get
999 - list
1000 - watch
1001 - apiGroups:
1002 - storage.k8s.io
1003 resources:
1004 - storageclasses
1005 verbs:
1006 - get
1007 - list
1008 - watch
1009 - apiGroups:
1010 - ""
1011 resources:
1012 - endpoints
1013 verbs:
1014 - create
1015 - delete
1016 - get
1017 - update
1018 - apiGroups:
1019 - ""
1020 resources:
1021 - services
1022 verbs:
1023 - create
1024 - delete
1025 - get
1026 - apiGroups:
1027 - ""
1028 resources:
1029 - secrets
1030 verbs:
1031 - get
1032 - apiGroups:
1033 - ""
1034 resources:
1035 - nodes
1036 verbs:
1037 - get
1038 - list
1039 - apiGroups:
1040 - ""
1041 resources:
1042 - events
1043 verbs:
1044 - watch
1045 - apiGroups:
1046 - ""
1047 - events.k8s.io
1048 resources:
1049 - events
1050 verbs:
1051 - create
1052 - patch
1053 - update
1054- apiVersion: rbac.authorization.k8s.io/v1
1055 kind: ClusterRole
1056 metadata:
1057 annotations:
1058 rbac.authorization.kubernetes.io/autoupdate: "true"
1059 creationTimestamp: null
1060 labels:
1061 kubernetes.io/bootstrapping: rbac-defaults
1062 name: system:controller:pod-garbage-collector
1063 rules:
1064 - apiGroups:
1065 - ""
1066 resources:
1067 - pods
1068 verbs:
1069 - delete
1070 - list
1071 - watch
1072 - apiGroups:
1073 - ""
1074 resources:
1075 - nodes
1076 verbs:
1077 - get
1078 - list
1079 - apiGroups:
1080 - ""
1081 resources:
1082 - pods/status
1083 verbs:
1084 - patch
1085- apiVersion: rbac.authorization.k8s.io/v1
1086 kind: ClusterRole
1087 metadata:
1088 annotations:
1089 rbac.authorization.kubernetes.io/autoupdate: "true"
1090 creationTimestamp: null
1091 labels:
1092 kubernetes.io/bootstrapping: rbac-defaults
1093 name: system:controller:pv-protection-controller
1094 rules:
1095 - apiGroups:
1096 - ""
1097 resources:
1098 - persistentvolumes
1099 verbs:
1100 - get
1101 - list
1102 - update
1103 - watch
1104 - apiGroups:
1105 - ""
1106 - events.k8s.io
1107 resources:
1108 - events
1109 verbs:
1110 - create
1111 - patch
1112 - update
1113- apiVersion: rbac.authorization.k8s.io/v1
1114 kind: ClusterRole
1115 metadata:
1116 annotations:
1117 rbac.authorization.kubernetes.io/autoupdate: "true"
1118 creationTimestamp: null
1119 labels:
1120 kubernetes.io/bootstrapping: rbac-defaults
1121 name: system:controller:pvc-protection-controller
1122 rules:
1123 - apiGroups:
1124 - ""
1125 resources:
1126 - persistentvolumeclaims
1127 verbs:
1128 - get
1129 - list
1130 - update
1131 - watch
1132 - apiGroups:
1133 - ""
1134 resources:
1135 - pods
1136 verbs:
1137 - get
1138 - list
1139 - watch
1140 - apiGroups:
1141 - ""
1142 - events.k8s.io
1143 resources:
1144 - events
1145 verbs:
1146 - create
1147 - patch
1148 - update
1149- apiVersion: rbac.authorization.k8s.io/v1
1150 kind: ClusterRole
1151 metadata:
1152 annotations:
1153 rbac.authorization.kubernetes.io/autoupdate: "true"
1154 creationTimestamp: null
1155 labels:
1156 kubernetes.io/bootstrapping: rbac-defaults
1157 name: system:controller:replicaset-controller
1158 rules:
1159 - apiGroups:
1160 - apps
1161 - extensions
1162 resources:
1163 - replicasets
1164 verbs:
1165 - get
1166 - list
1167 - update
1168 - watch
1169 - apiGroups:
1170 - apps
1171 - extensions
1172 resources:
1173 - replicasets/status
1174 verbs:
1175 - update
1176 - apiGroups:
1177 - apps
1178 - extensions
1179 resources:
1180 - replicasets/finalizers
1181 verbs:
1182 - update
1183 - apiGroups:
1184 - ""
1185 resources:
1186 - pods
1187 verbs:
1188 - create
1189 - delete
1190 - list
1191 - patch
1192 - watch
1193 - apiGroups:
1194 - ""
1195 - events.k8s.io
1196 resources:
1197 - events
1198 verbs:
1199 - create
1200 - patch
1201 - update
1202- apiVersion: rbac.authorization.k8s.io/v1
1203 kind: ClusterRole
1204 metadata:
1205 annotations:
1206 rbac.authorization.kubernetes.io/autoupdate: "true"
1207 creationTimestamp: null
1208 labels:
1209 kubernetes.io/bootstrapping: rbac-defaults
1210 name: system:controller:replication-controller
1211 rules:
1212 - apiGroups:
1213 - ""
1214 resources:
1215 - replicationcontrollers
1216 verbs:
1217 - get
1218 - list
1219 - update
1220 - watch
1221 - apiGroups:
1222 - ""
1223 resources:
1224 - replicationcontrollers/status
1225 verbs:
1226 - update
1227 - apiGroups:
1228 - ""
1229 resources:
1230 - replicationcontrollers/finalizers
1231 verbs:
1232 - update
1233 - apiGroups:
1234 - ""
1235 resources:
1236 - pods
1237 verbs:
1238 - create
1239 - delete
1240 - list
1241 - patch
1242 - watch
1243 - apiGroups:
1244 - ""
1245 - events.k8s.io
1246 resources:
1247 - events
1248 verbs:
1249 - create
1250 - patch
1251 - update
1252- apiVersion: rbac.authorization.k8s.io/v1
1253 kind: ClusterRole
1254 metadata:
1255 annotations:
1256 rbac.authorization.kubernetes.io/autoupdate: "true"
1257 creationTimestamp: null
1258 labels:
1259 kubernetes.io/bootstrapping: rbac-defaults
1260 name: system:controller:resourcequota-controller
1261 rules:
1262 - apiGroups:
1263 - '*'
1264 resources:
1265 - '*'
1266 verbs:
1267 - list
1268 - watch
1269 - apiGroups:
1270 - ""
1271 resources:
1272 - resourcequotas/status
1273 verbs:
1274 - update
1275 - apiGroups:
1276 - ""
1277 - events.k8s.io
1278 resources:
1279 - events
1280 verbs:
1281 - create
1282 - patch
1283 - update
1284- apiVersion: rbac.authorization.k8s.io/v1
1285 kind: ClusterRole
1286 metadata:
1287 annotations:
1288 rbac.authorization.kubernetes.io/autoupdate: "true"
1289 creationTimestamp: null
1290 labels:
1291 kubernetes.io/bootstrapping: rbac-defaults
1292 name: system:controller:root-ca-cert-publisher
1293 rules:
1294 - apiGroups:
1295 - ""
1296 resources:
1297 - configmaps
1298 verbs:
1299 - create
1300 - update
1301 - apiGroups:
1302 - ""
1303 - events.k8s.io
1304 resources:
1305 - events
1306 verbs:
1307 - create
1308 - patch
1309 - update
1310- apiVersion: rbac.authorization.k8s.io/v1
1311 kind: ClusterRole
1312 metadata:
1313 annotations:
1314 rbac.authorization.kubernetes.io/autoupdate: "true"
1315 creationTimestamp: null
1316 labels:
1317 kubernetes.io/bootstrapping: rbac-defaults
1318 name: system:controller:route-controller
1319 rules:
1320 - apiGroups:
1321 - ""
1322 resources:
1323 - nodes
1324 verbs:
1325 - list
1326 - watch
1327 - apiGroups:
1328 - ""
1329 resources:
1330 - nodes/status
1331 verbs:
1332 - patch
1333 - apiGroups:
1334 - ""
1335 - events.k8s.io
1336 resources:
1337 - events
1338 verbs:
1339 - create
1340 - patch
1341 - update
1342- apiVersion: rbac.authorization.k8s.io/v1
1343 kind: ClusterRole
1344 metadata:
1345 annotations:
1346 rbac.authorization.kubernetes.io/autoupdate: "true"
1347 creationTimestamp: null
1348 labels:
1349 kubernetes.io/bootstrapping: rbac-defaults
1350 name: system:controller:service-account-controller
1351 rules:
1352 - apiGroups:
1353 - ""
1354 resources:
1355 - serviceaccounts
1356 verbs:
1357 - create
1358 - apiGroups:
1359 - ""
1360 - events.k8s.io
1361 resources:
1362 - events
1363 verbs:
1364 - create
1365 - patch
1366 - update
1367- apiVersion: rbac.authorization.k8s.io/v1
1368 kind: ClusterRole
1369 metadata:
1370 annotations:
1371 rbac.authorization.kubernetes.io/autoupdate: "true"
1372 creationTimestamp: null
1373 labels:
1374 kubernetes.io/bootstrapping: rbac-defaults
1375 name: system:controller:service-controller
1376 rules:
1377 - apiGroups:
1378 - ""
1379 resources:
1380 - services
1381 verbs:
1382 - get
1383 - list
1384 - watch
1385 - apiGroups:
1386 - ""
1387 resources:
1388 - services/status
1389 verbs:
1390 - patch
1391 - update
1392 - apiGroups:
1393 - ""
1394 resources:
1395 - nodes
1396 verbs:
1397 - list
1398 - watch
1399 - apiGroups:
1400 - ""
1401 - events.k8s.io
1402 resources:
1403 - events
1404 verbs:
1405 - create
1406 - patch
1407 - update
1408- apiVersion: rbac.authorization.k8s.io/v1
1409 kind: ClusterRole
1410 metadata:
1411 annotations:
1412 rbac.authorization.kubernetes.io/autoupdate: "true"
1413 creationTimestamp: null
1414 labels:
1415 kubernetes.io/bootstrapping: rbac-defaults
1416 name: system:controller:statefulset-controller
1417 rules:
1418 - apiGroups:
1419 - ""
1420 resources:
1421 - pods
1422 verbs:
1423 - list
1424 - watch
1425 - apiGroups:
1426 - apps
1427 resources:
1428 - statefulsets
1429 verbs:
1430 - get
1431 - list
1432 - watch
1433 - apiGroups:
1434 - apps
1435 resources:
1436 - statefulsets/status
1437 verbs:
1438 - update
1439 - apiGroups:
1440 - apps
1441 resources:
1442 - statefulsets/finalizers
1443 verbs:
1444 - update
1445 - apiGroups:
1446 - ""
1447 resources:
1448 - pods
1449 verbs:
1450 - create
1451 - delete
1452 - get
1453 - patch
1454 - update
1455 - apiGroups:
1456 - apps
1457 resources:
1458 - controllerrevisions
1459 verbs:
1460 - create
1461 - delete
1462 - get
1463 - list
1464 - patch
1465 - update
1466 - watch
1467 - apiGroups:
1468 - ""
1469 resources:
1470 - persistentvolumeclaims
1471 verbs:
1472 - create
1473 - get
1474 - apiGroups:
1475 - ""
1476 - events.k8s.io
1477 resources:
1478 - events
1479 verbs:
1480 - create
1481 - patch
1482 - update
1483 - apiGroups:
1484 - ""
1485 resources:
1486 - persistentvolumeclaims
1487 verbs:
1488 - delete
1489 - update
1490- apiVersion: rbac.authorization.k8s.io/v1
1491 kind: ClusterRole
1492 metadata:
1493 annotations:
1494 rbac.authorization.kubernetes.io/autoupdate: "true"
1495 creationTimestamp: null
1496 labels:
1497 kubernetes.io/bootstrapping: rbac-defaults
1498 name: system:controller:ttl-after-finished-controller
1499 rules:
1500 - apiGroups:
1501 - batch
1502 resources:
1503 - jobs
1504 verbs:
1505 - delete
1506 - get
1507 - list
1508 - watch
1509 - apiGroups:
1510 - ""
1511 - events.k8s.io
1512 resources:
1513 - events
1514 verbs:
1515 - create
1516 - patch
1517 - update
1518- apiVersion: rbac.authorization.k8s.io/v1
1519 kind: ClusterRole
1520 metadata:
1521 annotations:
1522 rbac.authorization.kubernetes.io/autoupdate: "true"
1523 creationTimestamp: null
1524 labels:
1525 kubernetes.io/bootstrapping: rbac-defaults
1526 name: system:controller:ttl-controller
1527 rules:
1528 - apiGroups:
1529 - ""
1530 resources:
1531 - nodes
1532 verbs:
1533 - list
1534 - patch
1535 - update
1536 - watch
1537 - apiGroups:
1538 - ""
1539 - events.k8s.io
1540 resources:
1541 - events
1542 verbs:
1543 - create
1544 - patch
1545 - update
1546- apiVersion: rbac.authorization.k8s.io/v1
1547 kind: ClusterRole
1548 metadata:
1549 annotations:
1550 rbac.authorization.kubernetes.io/autoupdate: "true"
1551 creationTimestamp: null
1552 labels:
1553 kubernetes.io/bootstrapping: rbac-defaults
1554 name: system:controller:validatingadmissionpolicy-status-controller
1555 rules:
1556 - apiGroups:
1557 - admissionregistration.k8s.io
1558 resources:
1559 - validatingadmissionpolicies
1560 verbs:
1561 - get
1562 - list
1563 - watch
1564 - apiGroups:
1565 - admissionregistration.k8s.io
1566 resources:
1567 - validatingadmissionpolicies/status
1568 verbs:
1569 - get
1570 - patch
1571 - update
1572 - apiGroups:
1573 - ""
1574 - events.k8s.io
1575 resources:
1576 - events
1577 verbs:
1578 - create
1579 - patch
1580 - update
1581kind: List
1582metadata: {}
View as plain text