k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml

k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml (about)

     1  kind: ClusterRole
     2  apiVersion: rbac.authorization.k8s.io/v1
     3  metadata:
     4    name: cluster-autoscaler
     5    labels:
     6      addonmanager.kubernetes.io/mode: Reconcile
     7  rules:
     8    # leader election
     9    - apiGroups: ["coordination.k8s.io"]
    10      resources: ["leases"]
    11      verbs: ["create"]
    12    - apiGroups: ["coordination.k8s.io"]
    13      resources: ["leases"]
    14      resourceNames: ["cluster-autoscaler"]
    15      verbs: ["get", "update", "patch", "delete"]
    16    # accessing & modifying cluster state (nodes & pods)
    17    - apiGroups: [""]
    18      resources: ["nodes"]
    19      verbs: ["get", "list", "watch", "update", "patch"]
    20    - apiGroups: [""]
    21      resources: ["pods"]
    22      verbs: ["get", "list", "watch"]
    23    - apiGroups: [""]
    24      resources: ["pods/eviction"]
    25      verbs: ["create"]
    26    # read-only access to cluster state
    27    - apiGroups: [""]
    28      resources: ["services", "replicationcontrollers", "persistentvolumes", "persistentvolumeclaims"]
    29      verbs: ["get", "list", "watch"]
    30    - apiGroups: ["apps"]
    31      resources: ["daemonsets", "replicasets"]
    32      verbs: ["get", "list", "watch"]
    33    - apiGroups: ["apps"]
    34      resources: ["statefulsets"]
    35      verbs: ["get", "list", "watch"]
    36    - apiGroups: ["batch"]
    37      resources: ["jobs"]
    38      verbs: ["get", "list", "watch"]
    39    - apiGroups: ["policy"]
    40      resources: ["poddisruptionbudgets"]
    41      verbs: ["get", "list", "watch"]
    42    - apiGroups: ["storage.k8s.io"]
    43      resources: ["storageclasses", "csinodes"]
    44      verbs: ["get", "list", "watch"]
    45    # misc access
    46    - apiGroups: [""]
    47      resources: ["events"]
    48      verbs: ["create", "update", "patch"]
    49    - apiGroups: [""]
    50      resources: ["configmaps"]
    51      verbs: ["create"]
    52    - apiGroups: [""]
    53      resources: ["configmaps"]
    54      resourceNames: ["cluster-autoscaler-status"]
    55      verbs: ["get", "update", "patch", "delete"]
    56  ---
    57  kind: ClusterRoleBinding
    58  apiVersion: rbac.authorization.k8s.io/v1
    59  metadata:
    60    name: cluster-autoscaler
    61    labels:
    62      addonmanager.kubernetes.io/mode: Reconcile
    63  subjects:
    64    - kind: User
    65      name: cluster-autoscaler
    66      namespace: kube-system
    67  roleRef:
    68    kind: ClusterRole
    69    name: cluster-autoscaler
    70    apiGroup: rbac.authorization.k8s.io
    71