68 lines
1.5 KiB
YAML
68 lines
1.5 KiB
YAML
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: readonly
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources:
|
|
- bindings
|
|
- componentstatuses
|
|
- configmaps
|
|
- endpoints
|
|
- events
|
|
- limitranges
|
|
- namespaces
|
|
- nodes
|
|
- persistentvolumeclaims
|
|
- persistentvolumes
|
|
- pods
|
|
- podtemplates
|
|
- replicationcontrollers
|
|
- resourcequotas
|
|
- serviceaccounts
|
|
- services
|
|
verbs: ["get", "list"]
|
|
- apiGroups:
|
|
- cert-manager.io
|
|
- admissionregistration.k8s.io
|
|
- apiextensions.k8s.io
|
|
- apiregistration.k8s.io
|
|
- apps
|
|
- authentication.k8s.io
|
|
- autoscaling
|
|
- batch
|
|
- certificaterequests.cert-manager.io
|
|
- certificates.cert-manager.io
|
|
- certificates.k8s.io
|
|
- cloud.tencent.com
|
|
- coordination.k8s.io
|
|
- discovery.k8s.io
|
|
- events.k8s.io
|
|
- extensions
|
|
- install.istio.io
|
|
- metrics.k8s.io
|
|
- monitoring.coreos.com
|
|
- networking.istio.io
|
|
- node.k8s.io
|
|
- policy
|
|
- rbac.authorization.k8s.io
|
|
- scheduling.k8s.io
|
|
- security.istio.io
|
|
- storage.k8s.io
|
|
resources: ["*"]
|
|
verbs: ["get", "list"]
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: roc
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: readonly
|
|
subjects:
|
|
- apiGroup: rbac.authorization.k8s.io
|
|
kind: User
|
|
name: roc
|