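---
# Namespace-scoped Role granting broad read/write access inside ${nspace}.
# RBAC rules are a cross product: every resource below is matched in every
# listed apiGroup with every listed verb.
#
# Because this Role can create pods and other workloads, read Secrets and
# exec into containers, its holder should be treated as having full control
# of the namespace, including every ServiceAccount that runs in it.
#
# apiVersion changed from rbac.authorization.k8s.io/v1beta1 to v1: the
# v1beta1 RBAC API was removed in Kubernetes 1.22, and the ClusterRole in
# this file already uses v1. The Role schema is the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: admin-role
  # Quoted so a substituted value that looks like a number or boolean is
  # still parsed as a string.
  namespace: "${nspace}"
rules:
  - apiGroups: ["", "extensions", "apps", "batch", "autoscaling"]
    resources:
      - "pods"
      - "daemonsets"
      - "deployments"
      - "services"
      - "replicasets"
      - "replicationcontrollers"
      - "statefulsets"
      - "horizontalpodautoscalers"
      - "jobs"
      - "cronjobs"
      - "events"
      - "ingresses"
      - "persistentvolumeclaims"
      # NOTE(review): none of the apiGroups in this rule is known to serve a
      # "certificates" resource (cert-manager's is handled by admin-cert-role)
      # - confirm whether this entry matches anything.
      - "certificates"
      - "configmaps"
      # Read access to Secrets exposes every credential stored in the
      # namespace (TLS keys, registry credentials, service-account tokens).
      - "secrets"
      # NOTE(review): "logs" does not look like a Kubernetes resource name;
      # container logs are the "pods/log" subresource on the next line.
      # Confirm and drop if unused.
      - "logs"
      - "pods/log"
      # exec and port-forward give interactive access to running containers;
      # make sure API audit logging covers these subresources.
      - "pods/exec"
      - "pods/portforward"
    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]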
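---
# Binds admin-role to the admin-sa ServiceAccount in ${nspace}. Every pod
# that runs as admin-sa, and anyone holding a token for it, receives the
# permissions of admin-role.
#
# apiVersion changed from rbac.authorization.k8s.io/v1beta1 to v1: the
# v1beta1 RBAC API was removed in Kubernetes 1.22, and the
# ClusterRoleBinding in this file already uses v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: admin-rolebinding
  # Quoted so a substituted value that looks like a number or boolean is
  # still parsed as a string.
  namespace: "${nspace}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: admin-role
subjects:
  - kind: ServiceAccount
    name: admin-sa
    namespace: "${nspace}"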
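---
# Namespace-scoped Role for managing cert-manager Issuers and Certificates
# in ${nspace}. Unlike admin-role, this rule does not include "patch".
#
# NOTE(review): certmanager.k8s.io is the API group served by older
# cert-manager releases; newer releases serve cert-manager.io, in which case
# this rule would match nothing. Confirm against the installed version.
#
# apiVersion changed from rbac.authorization.k8s.io/v1beta1 to v1: the
# v1beta1 RBAC API was removed in Kubernetes 1.22, and the ClusterRole in
# this file already uses v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: admin-cert-role
  # Quoted so a substituted value that looks like a number or boolean is
  # still parsed as a string.
  namespace: "${nspace}"
rules:
  - apiGroups: ["certmanager.k8s.io"]
    # Creating or editing an Issuer decides which CA signs certificates
    # requested in this namespace, so this is a trust-sensitive grant.
    resources: ["issuers", "certificates"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]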
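---
# Binds admin-cert-role to the admin-sa ServiceAccount in ${nspace}.
#
# apiVersion changed from rbac.authorization.k8s.io/v1beta1 to v1: the
# v1beta1 RBAC API was removed in Kubernetes 1.22, and the
# ClusterRoleBinding in this file already uses v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: admin-cert-rolebinding
  # Quoted so a substituted value that looks like a number or boolean is
  # still parsed as a string.
  namespace: "${nspace}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: admin-cert-role
subjects:
  - kind: ServiceAccount
    name: admin-sa
    namespace: "${nspace}"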
---
# ClusterRole giving read/write access to PersistentVolumes.
#
# PersistentVolumes are cluster-scoped, so this grant is not confined to
# ${nspace} even though the name embeds it: the subject can change or delete
# volumes that back claims in other namespaces, and can define volumes of
# any type. Where the storage setup allows it, dynamic provisioning through
# a StorageClass lets tenants work with PersistentVolumeClaims only;
# otherwise constrain PV creation with an admission policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: admin-${nspace}-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - "persistentvolumes"
    verbs:
      - "get"
      - "list"
      - "watch"
      - "create"
      - "update"
      - "delete"
      - "patch"
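---
# Binds the per-namespace PersistentVolume ClusterRole to the admin-sa
# ServiceAccount in ${nspace}. A ClusterRoleBinding applies cluster-wide, so
# the ServiceAccount gets the ClusterRole's permissions on every
# PersistentVolume, not only those used by its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-${nspace}-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin-${nspace}-clusterrole
subjects:
  - kind: ServiceAccount
    name: admin-sa
    # Quoted so a substituted value that looks like a number or boolean is
    # still parsed as a string.
    namespace: "${nspace}"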