-
Notifications
You must be signed in to change notification settings - Fork 466
/
serviceaccount-default.yaml
37 lines (37 loc) · 1016 Bytes
/
serviceaccount-default.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# https://github.com/dennyzhang/cheatsheet-kubernetes-A4
# https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: clusterrole-default
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["configmaps"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["deletecollection"]
# The sink-controller needs to be able to watch sinks
- apiGroups: ["apps.mydomain.io"]
resources: ["sinks"]
verbs: ["get", "list", "watch"]
# This rule is for kubernetes-metadata-filter
- apiGroups:
- ""
- "apps"
- "batch"
resources: ["*"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: service-account-default
subjects:
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: ClusterRole
name: clusterrole-default
apiGroup: rbac.authorization.k8s.io