k8s-cluster/yaml/system/sa-rbac.yaml

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-role
  namespace: ${nspace}
rules:
  - apiGroups: [ "", "extensions", "apps", "batch", "autoscaling" ]
    resources:
      - pods
      - pods/log
      - pods/exec
      - pods/portforward
      - daemonsets
      - deployments
      - services
      - replicasets
      - replicationcontrollers
      - statefulsets
      - horizontalpodautoscalers
      - jobs
      - cronjobs
      - events
      - ingresses
      - persistentvolumeclaims
      - certificates
      - configmaps
      - secrets
      - logs
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
      - patch
  - apiGroups: [ "certmanager.k8s.io" ]
    resources:
      - issuers
    verbs:
      - get
      - list
      - watch
  - apiGroups: [ "certmanager.k8s.io" ]
    resources:
      - certificates
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
      - patch
  - apiGroups: [ "networking.k8s.io" ]
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - delete
      - patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-rolebinding
  namespace: ${nspace}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: admin-role
subjects:
- kind: ServiceAccount
  name: admin-sa
  namespace: ${nspace}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: admin-${nspace}-clusterrole
rules:
- apiGroups: [ "" ]
  resources:
    - persistentvolumes
  verbs: 
    - get
    - list
    - watch
    - create
    - update
    - delete
    - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-${nspace}-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin-${nspace}-clusterrole
subjects:
- kind: ServiceAccount
  name: admin-sa
  namespace: ${nspace}
import from rtg 2024-05-17 22:03:38 -04:00			`---`
			`kind: Role`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: admin-role`
			`namespace: ${nspace}`
			`rules:`
			`- apiGroups: [ "", "extensions", "apps", "batch", "autoscaling" ]`
			`resources:`
			`- pods`
			`- pods/log`
			`- pods/exec`
			`- pods/portforward`
			`- daemonsets`
			`- deployments`
			`- services`
			`- replicasets`
			`- replicationcontrollers`
			`- statefulsets`
			`- horizontalpodautoscalers`
			`- jobs`
			`- cronjobs`
			`- events`
			`- ingresses`
			`- persistentvolumeclaims`
			`- certificates`
			`- configmaps`
			`- secrets`
			`- logs`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- update`
			`- delete`
			`- patch`
			`- apiGroups: [ "certmanager.k8s.io" ]`
			`resources:`
			`- issuers`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups: [ "certmanager.k8s.io" ]`
			`resources:`
			`- certificates`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- update`
			`- delete`
			`- patch`
			`- apiGroups: [ "networking.k8s.io" ]`
			`resources:`
			`- ingresses`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- update`
			`- delete`
			`- patch`
			`---`
			`kind: RoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: admin-rolebinding`
			`namespace: ${nspace}`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: admin-role`
			`subjects:`
			`- kind: ServiceAccount`
			`name: admin-sa`
			`namespace: ${nspace}`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: admin-${nspace}-clusterrole`
			`rules:`
			`- apiGroups: [ "" ]`
			`resources:`
			`- persistentvolumes`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- update`
			`- delete`
			`- patch`
			`---`
			`kind: ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: admin-${nspace}-clusterrolebinding`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: admin-${nspace}-clusterrole`
			`subjects:`
			`- kind: ServiceAccount`
			`name: admin-sa`
			`namespace: ${nspace}`