Permalink
Cannot retrieve contributors at this time
# https://github.com/dennyzhang/cheatsheet-kubernetes-A4 | |
# https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: clusterrole-default | |
rules: | |
- apiGroups: [""] # "" indicates the core API group | |
resources: ["configmaps"] | |
verbs: ["get", "list", "watch", "patch"] | |
- apiGroups: [""] # "" indicates the core API group | |
resources: ["pods"] | |
verbs: ["deletecollection"] | |
# The sink-controller needs to be able to watch sinks | |
- apiGroups: ["apps.mydomain.io"] | |
resources: ["sinks"] | |
verbs: ["get", "list", "watch"] | |
# This rule is for kubernetes-metadata-filter | |
- apiGroups: | |
- "" | |
- "apps" | |
- "batch" | |
resources: ["*"] | |
verbs: ["get", "list", "watch"] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: service-account-default | |
subjects: | |
- kind: ServiceAccount | |
name: default | |
namespace: default | |
roleRef: | |
kind: ClusterRole | |
name: clusterrole-default | |
apiGroup: rbac.authorization.k8s.io |