Home Explore Help
Sign In
wigust
/
dotfiles
Watch 2
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5fc73fc919
Branches Tags
dotfiles
/
apps
/
base
/
popeye
/
rbac.yaml

rbac.yaml 1.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. ---
    2. 

  2. # ServiceAccount definition for the CLI.
    3. 

  3. apiVersion: v1
    4. 

  4. kind: ServiceAccount
    5. 

  5. metadata:
    6. 

  6.   name: popeye
    7. 

  7.   namespace: popeye
    8. 

  8. 

  9. ---
    10. 

  10. # Popeye needs get/list access on the following Kubernetes resources.
    11. 

  11. apiVersion: rbac.authorization.k8s.io/v1
    12. 

  12. kind: ClusterRole
    13. 

  13. metadata:
    14. 

  14.   name: popeye
    15. 

  15. rules:
    16. 

  16. - apiGroups:
    17. 

  17.   - policy
    18. 

  18.   resources:
    19. 

  19.   - poddisruptionbudgets
    20. 

  20.   - podsecuritypolicies
    21. 

  21.   verbs:
    22. 

  22.   - get
    23. 

  23.   - list
    24. 

  24. - apiGroups:
    25. 

  25.   - autoscaling
    26. 

  26.   resources:
    27. 

  27.   - horizontalpodautoscalers
    28. 

  28.   verbs:
    29. 

  29.   - get
    30. 

  30.   - list
    31. 

  31. - apiGroups:
    32. 

  32.   - networking.k8s.io
    33. 

  33.   resources:
    34. 

  34.   - ingresses
    35. 

  35.   - networkpolicies
    36. 

  36.   verbs:
    37. 

  37.   - get
    38. 

  38.   - list
    39. 

  39. - apiGroups: [""]
    40. 

  40.   resources:
    41. 

  41.   - configmaps
    42. 

  42.   - endpoints
    43. 

  43.   - limitranges
    44. 

  44.   - namespaces
    45. 

  45.   - nodes
    46. 

  46.   - persistentvolumes
    47. 

  47.   - persistentvolumeclaims
    48. 

  48.   - pods
    49. 

  49.   - secrets
    50. 

  50.   - serviceaccounts
    51. 

  51.   - services
    52. 

  52.   verbs:
    53. 

  53.   - get
    54. 

  54.   - list
    55. 

  55. - apiGroups:
    56. 

  56.   - apps
    57. 

  57.   resources:
    58. 

  58.   - daemonsets
    59. 

  59.   - deployments
    60. 

  60.   - statefulsets
    61. 

  61.   - replicasets
    62. 

  62.   verbs:
    63. 

  63.   - get
    64. 

  64.   - list
    65. 

  65. - apiGroups:
    66. 

  66.   - rbac.authorization.k8s.io
    67. 

  67.   resources:
    68. 

  68.   - clusterroles
    69. 

  69.   - clusterrolebindings
    70. 

  70.   - roles
    71. 

  71.   - rolebindings
    72. 

  72.   verbs:
    73. 

  73.   - get
    74. 

  74.   - list
    75. 

  75. - apiGroups:
    76. 

  76.   - metrics.k8s.io
    77. 

  77.   resources:
    78. 

  78.   - pods
    79. 

  79.   - nodes
    80. 

  80.   verbs:
    81. 

  81.   - get
    82. 

  82.   - list
    83. 

  83. 

  84. ---
    85. 

  85. # ClusterRoleBinding to ties Popeye with the cluster
    86. 

  86. apiVersion: rbac.authorization.k8s.io/v1
    87. 

  87. kind: ClusterRoleBinding
    88. 

  88. metadata:
    89. 

  89.   name: popeye
    90. 

  90. subjects:
    91. 

  91. - kind: ServiceAccount
    92. 

  92.   name: popeye
    93. 

  93.   namespace: popeye
    94. 

  94. roleRef:
    95. 

  95.   kind: ClusterRole
    96. 

  96.   name: popeye
    97. 

  97.   apiGroup: rbac.authorization.k8s.io
    98. 

  98.