Role:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: gauss
name: gauss-op
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
RoleBinding:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: bach-gauss-rb
namespace: gauss
subjects:
- kind: ServiceAccount
name: bach-gauss
roleRef:
kind: Role
name: gauss-op
apiGroup: rbac.authorization.k8s.io
ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRole
metadata:
name: cluster-read-all
rules:
-
apiGroups:
- ""
- apps
- autoscaling
- batch
- extensions
- policy
- rbac.authorization.k8s.io
resources:
- componentstatuses
- configmaps
- daemonsets
- deployments
- events
- endpoints
- horizontalpodautoscalers
- ingress
- jobs
- limitranges
- namespaces
- nodes
- pods
- persistentvolumes
- persistentvolumeclaims
- resourcequotas
- replicasets
- replicationcontrollers
- serviceaccounts
- services
- secrets
- ingresses
- statefulsets
verbs:
- get
- watch
- list
- nonResourceURLs: ["*"]
verbs:
- get
- watch
- list
ClusterRoleBinding
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: read-secrets-global
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
roleRef:
kind: ClusterRole
name: cluster-read-all
apiGroup: rbac.authorization.k8s.io