Permalink
Cannot retrieve contributors at this time
| # https://github.com/dennyzhang/cheatsheet-kubernetes-A4 | |
| # https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: clusterrole-default | |
| rules: | |
| - apiGroups: [""] # "" indicates the core API group | |
| resources: ["configmaps"] | |
| verbs: ["get", "list", "watch", "patch"] | |
| - apiGroups: [""] # "" indicates the core API group | |
| resources: ["pods"] | |
| verbs: ["deletecollection"] | |
| # The sink-controller needs to be able to watch sinks | |
| - apiGroups: ["apps.mydomain.io"] | |
| resources: ["sinks"] | |
| verbs: ["get", "list", "watch"] | |
| # This rule is for kubernetes-metadata-filter | |
| - apiGroups: | |
| - "" | |
| - "apps" | |
| - "batch" | |
| resources: ["*"] | |
| verbs: ["get", "list", "watch"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: service-account-default | |
| subjects: | |
| - kind: ServiceAccount | |
| name: default | |
| namespace: default | |
| roleRef: | |
| kind: ClusterRole | |
| name: clusterrole-default | |
| apiGroup: rbac.authorization.k8s.io |