Created
February 23, 2017 01:36
-
-
Save jimmycuadra/debcb78145d0063534c9e87080b50b8b to your computer and use it in GitHub Desktop.
Default RBAC cluster roles and cluster role bindings built into Kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
items: | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: cluster-admin | |
namespace: "" | |
resourceVersion: "35" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingscluster-admin | |
uid: 8ebbea7e-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: cluster-admin | |
subjects: | |
- kind: Group | |
name: system:masters | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:basic-user | |
namespace: "" | |
resourceVersion: "37" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Abasic-user | |
uid: 8ebd7422-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: system:basic-user | |
subjects: | |
- kind: Group | |
name: system:authenticated | |
- kind: Group | |
name: system:unauthenticated | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:controller:replication-controller | |
namespace: "" | |
resourceVersion: "40" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Acontroller%3Areplication-controller | |
uid: 8ebfa72e-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: system:controller:replication-controller | |
subjects: | |
- kind: ServiceAccount | |
name: replication-controller | |
namespace: kube-system | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:discovery | |
namespace: "" | |
resourceVersion: "36" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Adiscovery | |
uid: 8ebcc0d1-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: system:discovery | |
subjects: | |
- kind: Group | |
name: system:authenticated | |
- kind: Group | |
name: system:unauthenticated | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:node | |
namespace: "" | |
resourceVersion: "38" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Anode | |
uid: 8ebe2c59-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: system:node | |
subjects: | |
- kind: Group | |
name: system:nodes | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRoleBinding | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:node-proxier | |
namespace: "" | |
resourceVersion: "39" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolebindingssystem%3Anode-proxier | |
uid: 8ebeecb2-f95b-11e6-b7e3-06719fa7f3e2 | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: system:node-proxier | |
subjects: | |
- kind: Group | |
name: system:nodes | |
kind: List | |
metadata: {} | |
resourceVersion: "" | |
selfLink: "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
items: | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: admin | |
namespace: "" | |
resourceVersion: "27" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesadmin | |
uid: 8eaf41a3-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
- pods/attach | |
- pods/proxy | |
- pods/exec | |
- pods/portforward | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- replicationcontrollers | |
- replicationcontrollers/scale | |
- serviceaccounts | |
- services | |
- services/proxy | |
- endpoints | |
- persistentvolumeclaims | |
- configmaps | |
- secrets | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- limitranges | |
- resourcequotas | |
- bindings | |
- events | |
- pods/status | |
- resourcequotas/status | |
- namespaces/status | |
- replicationcontrollers/status | |
- pods/log | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- namespaces | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- serviceaccounts | |
verbs: | |
- impersonate | |
- apiGroups: | |
- apps | |
attributeRestrictions: null | |
resources: | |
- statefulsets | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- autoscaling | |
attributeRestrictions: null | |
resources: | |
- horizontalpodautoscalers | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- batch | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- cronjobs | |
- scheduledjobs | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- extensions | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- daemonsets | |
- horizontalpodautoscalers | |
- replicationcontrollers/scale | |
- replicasets | |
- replicasets/scale | |
- deployments | |
- deployments/scale | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- authorization.k8s.io | |
attributeRestrictions: null | |
resources: | |
- localsubjectaccessreviews | |
verbs: | |
- create | |
- apiGroups: | |
- rbac.authorization.k8s.io | |
attributeRestrictions: null | |
resources: | |
- roles | |
- rolebindings | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: cluster-admin | |
namespace: "" | |
resourceVersion: "23" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolescluster-admin | |
uid: 8ea9f07c-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- '*' | |
attributeRestrictions: null | |
resources: | |
- '*' | |
verbs: | |
- '*' | |
- attributeRestrictions: null | |
nonResourceURLs: | |
- '*' | |
verbs: | |
- '*' | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: edit | |
namespace: "" | |
resourceVersion: "28" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesedit | |
uid: 8eb0ee95-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
- pods/attach | |
- pods/proxy | |
- pods/exec | |
- pods/portforward | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- replicationcontrollers | |
- replicationcontrollers/scale | |
- serviceaccounts | |
- services | |
- services/proxy | |
- endpoints | |
- persistentvolumeclaims | |
- configmaps | |
- secrets | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- limitranges | |
- resourcequotas | |
- bindings | |
- events | |
- pods/status | |
- resourcequotas/status | |
- namespaces/status | |
- replicationcontrollers/status | |
- pods/log | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- namespaces | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- serviceaccounts | |
verbs: | |
- impersonate | |
- apiGroups: | |
- apps | |
attributeRestrictions: null | |
resources: | |
- statefulsets | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- autoscaling | |
attributeRestrictions: null | |
resources: | |
- horizontalpodautoscalers | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- batch | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- cronjobs | |
- scheduledjobs | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiGroups: | |
- extensions | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- daemonsets | |
- horizontalpodautoscalers | |
- replicationcontrollers/scale | |
- replicasets | |
- replicasets/scale | |
- deployments | |
- deployments/scale | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- delete | |
- deletecollection | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:basic-user | |
namespace: "" | |
resourceVersion: "25" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Abasic-user | |
uid: 8eae32cd-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- authorization.k8s.io | |
attributeRestrictions: null | |
resources: | |
- selfsubjectaccessreviews | |
verbs: | |
- create | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:controller:replication-controller | |
namespace: "" | |
resourceVersion: "34" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Acontroller%3Areplication-controller | |
uid: 8eb94cb5-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- replicationcontrollers | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- replicationcontrollers/status | |
verbs: | |
- update | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
verbs: | |
- list | |
- watch | |
- create | |
- delete | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- events | |
verbs: | |
- create | |
- update | |
- patch | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:discovery | |
namespace: "" | |
resourceVersion: "24" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Adiscovery | |
uid: 8eac7adf-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- attributeRestrictions: null | |
nonResourceURLs: | |
- /version | |
- /api | |
- /api/* | |
- /apis | |
- /apis/* | |
verbs: | |
- get | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:node | |
namespace: "" | |
resourceVersion: "31" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Anode | |
uid: 8eb5092b-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- authentication.k8s.io | |
attributeRestrictions: null | |
resources: | |
- tokenreviews | |
verbs: | |
- create | |
- apiGroups: | |
- authorization.k8s.io | |
attributeRestrictions: null | |
resources: | |
- subjectaccessreviews | |
- localsubjectaccessreviews | |
verbs: | |
- create | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- services | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- nodes | |
verbs: | |
- create | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- nodes/status | |
verbs: | |
- update | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- events | |
verbs: | |
- create | |
- update | |
- patch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
verbs: | |
- get | |
- create | |
- delete | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods/status | |
verbs: | |
- update | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- secrets | |
- configmaps | |
verbs: | |
- get | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- persistentvolumeclaims | |
- persistentvolumes | |
verbs: | |
- get | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- endpoints | |
verbs: | |
- get | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: system:node-proxier | |
namespace: "" | |
resourceVersion: "33" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolessystem%3Anode-proxier | |
uid: 8eb6a508-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- services | |
- endpoints | |
verbs: | |
- list | |
- watch | |
- apiVersion: rbac.authorization.k8s.io/v1alpha1 | |
kind: ClusterRole | |
metadata: | |
creationTimestamp: 2017-02-23T00:03:51Z | |
name: view | |
namespace: "" | |
resourceVersion: "30" | |
selfLink: /apis/rbac.authorization.k8s.io/v1alpha1/clusterrolesview | |
uid: 8eb33331-f95b-11e6-b7e3-06719fa7f3e2 | |
rules: | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- pods | |
- replicationcontrollers | |
- replicationcontrollers/scale | |
- serviceaccounts | |
- services | |
- endpoints | |
- persistentvolumeclaims | |
- configmaps | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- limitranges | |
- resourcequotas | |
- bindings | |
- events | |
- pods/status | |
- resourcequotas/status | |
- namespaces/status | |
- replicationcontrollers/status | |
- pods/log | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
attributeRestrictions: null | |
resources: | |
- namespaces | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- apps | |
attributeRestrictions: null | |
resources: | |
- statefulsets | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- autoscaling | |
attributeRestrictions: null | |
resources: | |
- horizontalpodautoscalers | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- batch | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- cronjobs | |
- scheduledjobs | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- extensions | |
attributeRestrictions: null | |
resources: | |
- jobs | |
- daemonsets | |
- horizontalpodautoscalers | |
- replicationcontrollers/scale | |
- replicasets | |
- replicasets/scale | |
- deployments | |
- deployments/scale | |
verbs: | |
- get | |
- list | |
- watch | |
kind: List | |
metadata: {} | |
resourceVersion: "" | |
selfLink: "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment