k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml (about) 1 apiVersion: v1 2 items: 3 - aggregationRule: 4 clusterRoleSelectors: 5 - matchLabels: 6 rbac.authorization.k8s.io/aggregate-to-admin: "true" 7 apiVersion: rbac.authorization.k8s.io/v1 8 kind: ClusterRole 9 metadata: 10 annotations: 11 rbac.authorization.kubernetes.io/autoupdate: "true" 12 creationTimestamp: null 13 labels: 14 kubernetes.io/bootstrapping: rbac-defaults 15 name: admin 16 rules: null 17 - apiVersion: rbac.authorization.k8s.io/v1 18 kind: ClusterRole 19 metadata: 20 annotations: 21 rbac.authorization.kubernetes.io/autoupdate: "true" 22 creationTimestamp: null 23 labels: 24 kubernetes.io/bootstrapping: rbac-defaults 25 name: cluster-admin 26 rules: 27 - apiGroups: 28 - '*' 29 resources: 30 - '*' 31 verbs: 32 - '*' 33 - nonResourceURLs: 34 - '*' 35 verbs: 36 - '*' 37 - aggregationRule: 38 clusterRoleSelectors: 39 - matchLabels: 40 rbac.authorization.k8s.io/aggregate-to-edit: "true" 41 apiVersion: rbac.authorization.k8s.io/v1 42 kind: ClusterRole 43 metadata: 44 annotations: 45 rbac.authorization.kubernetes.io/autoupdate: "true" 46 creationTimestamp: null 47 labels: 48 kubernetes.io/bootstrapping: rbac-defaults 49 rbac.authorization.k8s.io/aggregate-to-admin: "true" 50 name: edit 51 rules: null 52 - apiVersion: rbac.authorization.k8s.io/v1 53 kind: ClusterRole 54 metadata: 55 annotations: 56 rbac.authorization.kubernetes.io/autoupdate: "true" 57 creationTimestamp: null 58 labels: 59 kubernetes.io/bootstrapping: rbac-defaults 60 rbac.authorization.k8s.io/aggregate-to-admin: "true" 61 name: system:aggregate-to-admin 62 rules: 63 - apiGroups: 64 - authorization.k8s.io 65 resources: 66 - localsubjectaccessreviews 67 verbs: 68 - create 69 - apiGroups: 70 - rbac.authorization.k8s.io 71 resources: 72 - rolebindings 73 - roles 74 verbs: 75 - create 76 - delete 77 - deletecollection 78 - get 79 - list 80 - patch 81 - update 82 - watch 83 - apiVersion: rbac.authorization.k8s.io/v1 84 kind: ClusterRole 85 metadata: 86 annotations: 87 rbac.authorization.kubernetes.io/autoupdate: "true" 88 creationTimestamp: null 89 labels: 90 kubernetes.io/bootstrapping: rbac-defaults 91 rbac.authorization.k8s.io/aggregate-to-edit: "true" 92 name: system:aggregate-to-edit 93 rules: 94 - apiGroups: 95 - "" 96 resources: 97 - pods/attach 98 - pods/exec 99 - pods/portforward 100 - pods/proxy 101 - secrets 102 - services/proxy 103 verbs: 104 - get 105 - list 106 - watch 107 - apiGroups: 108 - "" 109 resources: 110 - serviceaccounts 111 verbs: 112 - impersonate 113 - apiGroups: 114 - "" 115 resources: 116 - pods 117 - pods/attach 118 - pods/exec 119 - pods/portforward 120 - pods/proxy 121 verbs: 122 - create 123 - delete 124 - deletecollection 125 - patch 126 - update 127 - apiGroups: 128 - "" 129 resources: 130 - pods/eviction 131 verbs: 132 - create 133 - apiGroups: 134 - "" 135 resources: 136 - configmaps 137 - events 138 - persistentvolumeclaims 139 - replicationcontrollers 140 - replicationcontrollers/scale 141 - secrets 142 - serviceaccounts 143 - services 144 - services/proxy 145 verbs: 146 - create 147 - delete 148 - deletecollection 149 - patch 150 - update 151 - apiGroups: 152 - "" 153 resources: 154 - serviceaccounts/token 155 verbs: 156 - create 157 - apiGroups: 158 - apps 159 resources: 160 - daemonsets 161 - deployments 162 - deployments/rollback 163 - deployments/scale 164 - replicasets 165 - replicasets/scale 166 - statefulsets 167 - statefulsets/scale 168 verbs: 169 - create 170 - delete 171 - deletecollection 172 - patch 173 - update 174 - apiGroups: 175 - autoscaling 176 resources: 177 - horizontalpodautoscalers 178 verbs: 179 - create 180 - delete 181 - deletecollection 182 - patch 183 - update 184 - apiGroups: 185 - batch 186 resources: 187 - cronjobs 188 - jobs 189 verbs: 190 - create 191 - delete 192 - deletecollection 193 - patch 194 - update 195 - apiGroups: 196 - extensions 197 resources: 198 - daemonsets 199 - deployments 200 - deployments/rollback 201 - deployments/scale 202 - ingresses 203 - networkpolicies 204 - replicasets 205 - replicasets/scale 206 - replicationcontrollers/scale 207 verbs: 208 - create 209 - delete 210 - deletecollection 211 - patch 212 - update 213 - apiGroups: 214 - policy 215 resources: 216 - poddisruptionbudgets 217 verbs: 218 - create 219 - delete 220 - deletecollection 221 - patch 222 - update 223 - apiGroups: 224 - networking.k8s.io 225 resources: 226 - ingresses 227 - networkpolicies 228 verbs: 229 - create 230 - delete 231 - deletecollection 232 - patch 233 - update 234 - apiGroups: 235 - coordination.k8s.io 236 resources: 237 - leases 238 verbs: 239 - create 240 - delete 241 - deletecollection 242 - get 243 - list 244 - patch 245 - update 246 - watch 247 - apiVersion: rbac.authorization.k8s.io/v1 248 kind: ClusterRole 249 metadata: 250 annotations: 251 rbac.authorization.kubernetes.io/autoupdate: "true" 252 creationTimestamp: null 253 labels: 254 kubernetes.io/bootstrapping: rbac-defaults 255 rbac.authorization.k8s.io/aggregate-to-view: "true" 256 name: system:aggregate-to-view 257 rules: 258 - apiGroups: 259 - "" 260 resources: 261 - configmaps 262 - endpoints 263 - persistentvolumeclaims 264 - persistentvolumeclaims/status 265 - pods 266 - replicationcontrollers 267 - replicationcontrollers/scale 268 - serviceaccounts 269 - services 270 - services/status 271 verbs: 272 - get 273 - list 274 - watch 275 - apiGroups: 276 - "" 277 resources: 278 - bindings 279 - events 280 - limitranges 281 - namespaces/status 282 - pods/log 283 - pods/status 284 - replicationcontrollers/status 285 - resourcequotas 286 - resourcequotas/status 287 verbs: 288 - get 289 - list 290 - watch 291 - apiGroups: 292 - "" 293 resources: 294 - namespaces 295 verbs: 296 - get 297 - list 298 - watch 299 - apiGroups: 300 - discovery.k8s.io 301 resources: 302 - endpointslices 303 verbs: 304 - get 305 - list 306 - watch 307 - apiGroups: 308 - apps 309 resources: 310 - controllerrevisions 311 - daemonsets 312 - daemonsets/status 313 - deployments 314 - deployments/scale 315 - deployments/status 316 - replicasets 317 - replicasets/scale 318 - replicasets/status 319 - statefulsets 320 - statefulsets/scale 321 - statefulsets/status 322 verbs: 323 - get 324 - list 325 - watch 326 - apiGroups: 327 - autoscaling 328 resources: 329 - horizontalpodautoscalers 330 - horizontalpodautoscalers/status 331 verbs: 332 - get 333 - list 334 - watch 335 - apiGroups: 336 - batch 337 resources: 338 - cronjobs 339 - cronjobs/status 340 - jobs 341 - jobs/status 342 verbs: 343 - get 344 - list 345 - watch 346 - apiGroups: 347 - extensions 348 resources: 349 - daemonsets 350 - daemonsets/status 351 - deployments 352 - deployments/scale 353 - deployments/status 354 - ingresses 355 - ingresses/status 356 - networkpolicies 357 - replicasets 358 - replicasets/scale 359 - replicasets/status 360 - replicationcontrollers/scale 361 verbs: 362 - get 363 - list 364 - watch 365 - apiGroups: 366 - policy 367 resources: 368 - poddisruptionbudgets 369 - poddisruptionbudgets/status 370 verbs: 371 - get 372 - list 373 - watch 374 - apiGroups: 375 - networking.k8s.io 376 resources: 377 - ingresses 378 - ingresses/status 379 - networkpolicies 380 verbs: 381 - get 382 - list 383 - watch 384 - apiVersion: rbac.authorization.k8s.io/v1 385 kind: ClusterRole 386 metadata: 387 annotations: 388 rbac.authorization.kubernetes.io/autoupdate: "true" 389 creationTimestamp: null 390 labels: 391 kubernetes.io/bootstrapping: rbac-defaults 392 name: system:auth-delegator 393 rules: 394 - apiGroups: 395 - authentication.k8s.io 396 resources: 397 - tokenreviews 398 verbs: 399 - create 400 - apiGroups: 401 - authorization.k8s.io 402 resources: 403 - subjectaccessreviews 404 verbs: 405 - create 406 - apiVersion: rbac.authorization.k8s.io/v1 407 kind: ClusterRole 408 metadata: 409 annotations: 410 rbac.authorization.kubernetes.io/autoupdate: "true" 411 creationTimestamp: null 412 labels: 413 kubernetes.io/bootstrapping: rbac-defaults 414 name: system:basic-user 415 rules: 416 - apiGroups: 417 - authorization.k8s.io 418 resources: 419 - selfsubjectaccessreviews 420 - selfsubjectrulesreviews 421 verbs: 422 - create 423 - apiGroups: 424 - authentication.k8s.io 425 resources: 426 - selfsubjectreviews 427 verbs: 428 - create 429 - apiVersion: rbac.authorization.k8s.io/v1 430 kind: ClusterRole 431 metadata: 432 annotations: 433 rbac.authorization.kubernetes.io/autoupdate: "true" 434 creationTimestamp: null 435 labels: 436 kubernetes.io/bootstrapping: rbac-defaults 437 name: system:certificates.k8s.io:certificatesigningrequests:nodeclient 438 rules: 439 - apiGroups: 440 - certificates.k8s.io 441 resources: 442 - certificatesigningrequests/nodeclient 443 verbs: 444 - create 445 - apiVersion: rbac.authorization.k8s.io/v1 446 kind: ClusterRole 447 metadata: 448 annotations: 449 rbac.authorization.kubernetes.io/autoupdate: "true" 450 creationTimestamp: null 451 labels: 452 kubernetes.io/bootstrapping: rbac-defaults 453 name: system:certificates.k8s.io:certificatesigningrequests:selfnodeclient 454 rules: 455 - apiGroups: 456 - certificates.k8s.io 457 resources: 458 - certificatesigningrequests/selfnodeclient 459 verbs: 460 - create 461 - apiVersion: rbac.authorization.k8s.io/v1 462 kind: ClusterRole 463 metadata: 464 annotations: 465 rbac.authorization.kubernetes.io/autoupdate: "true" 466 creationTimestamp: null 467 labels: 468 kubernetes.io/bootstrapping: rbac-defaults 469 name: system:certificates.k8s.io:kube-apiserver-client-approver 470 rules: 471 - apiGroups: 472 - certificates.k8s.io 473 resourceNames: 474 - kubernetes.io/kube-apiserver-client 475 resources: 476 - signers 477 verbs: 478 - approve 479 - apiVersion: rbac.authorization.k8s.io/v1 480 kind: ClusterRole 481 metadata: 482 annotations: 483 rbac.authorization.kubernetes.io/autoupdate: "true" 484 creationTimestamp: null 485 labels: 486 kubernetes.io/bootstrapping: rbac-defaults 487 name: system:certificates.k8s.io:kube-apiserver-client-kubelet-approver 488 rules: 489 - apiGroups: 490 - certificates.k8s.io 491 resourceNames: 492 - kubernetes.io/kube-apiserver-client-kubelet 493 resources: 494 - signers 495 verbs: 496 - approve 497 - apiVersion: rbac.authorization.k8s.io/v1 498 kind: ClusterRole 499 metadata: 500 annotations: 501 rbac.authorization.kubernetes.io/autoupdate: "true" 502 creationTimestamp: null 503 labels: 504 kubernetes.io/bootstrapping: rbac-defaults 505 name: system:certificates.k8s.io:kubelet-serving-approver 506 rules: 507 - apiGroups: 508 - certificates.k8s.io 509 resourceNames: 510 - kubernetes.io/kubelet-serving 511 resources: 512 - signers 513 verbs: 514 - approve 515 - apiVersion: rbac.authorization.k8s.io/v1 516 kind: ClusterRole 517 metadata: 518 annotations: 519 rbac.authorization.kubernetes.io/autoupdate: "true" 520 creationTimestamp: null 521 labels: 522 kubernetes.io/bootstrapping: rbac-defaults 523 name: system:certificates.k8s.io:legacy-unknown-approver 524 rules: 525 - apiGroups: 526 - certificates.k8s.io 527 resourceNames: 528 - kubernetes.io/legacy-unknown 529 resources: 530 - signers 531 verbs: 532 - approve 533 - apiVersion: rbac.authorization.k8s.io/v1 534 kind: ClusterRole 535 metadata: 536 annotations: 537 rbac.authorization.kubernetes.io/autoupdate: "true" 538 creationTimestamp: null 539 labels: 540 kubernetes.io/bootstrapping: rbac-defaults 541 name: system:discovery 542 rules: 543 - nonResourceURLs: 544 - /api 545 - /api/* 546 - /apis 547 - /apis/* 548 - /healthz 549 - /livez 550 - /openapi 551 - /openapi/* 552 - /readyz 553 - /version 554 - /version/ 555 verbs: 556 - get 557 - apiVersion: rbac.authorization.k8s.io/v1 558 kind: ClusterRole 559 metadata: 560 annotations: 561 rbac.authorization.kubernetes.io/autoupdate: "true" 562 creationTimestamp: null 563 labels: 564 kubernetes.io/bootstrapping: rbac-defaults 565 name: system:heapster 566 rules: 567 - apiGroups: 568 - "" 569 resources: 570 - events 571 - namespaces 572 - nodes 573 - pods 574 verbs: 575 - get 576 - list 577 - watch 578 - apiGroups: 579 - extensions 580 resources: 581 - deployments 582 verbs: 583 - get 584 - list 585 - watch 586 - apiVersion: rbac.authorization.k8s.io/v1 587 kind: ClusterRole 588 metadata: 589 annotations: 590 rbac.authorization.kubernetes.io/autoupdate: "true" 591 creationTimestamp: null 592 labels: 593 kubernetes.io/bootstrapping: rbac-defaults 594 name: system:kube-aggregator 595 rules: 596 - apiGroups: 597 - "" 598 resources: 599 - endpoints 600 - services 601 verbs: 602 - get 603 - list 604 - watch 605 - apiVersion: rbac.authorization.k8s.io/v1 606 kind: ClusterRole 607 metadata: 608 annotations: 609 rbac.authorization.kubernetes.io/autoupdate: "true" 610 creationTimestamp: null 611 labels: 612 kubernetes.io/bootstrapping: rbac-defaults 613 name: system:kube-controller-manager 614 rules: 615 - apiGroups: 616 - "" 617 - events.k8s.io 618 resources: 619 - events 620 verbs: 621 - create 622 - patch 623 - update 624 - apiGroups: 625 - coordination.k8s.io 626 resources: 627 - leases 628 verbs: 629 - create 630 - apiGroups: 631 - coordination.k8s.io 632 resourceNames: 633 - kube-controller-manager 634 resources: 635 - leases 636 verbs: 637 - get 638 - update 639 - apiGroups: 640 - "" 641 resources: 642 - secrets 643 - serviceaccounts 644 verbs: 645 - create 646 - apiGroups: 647 - "" 648 resources: 649 - secrets 650 verbs: 651 - delete 652 - apiGroups: 653 - "" 654 resources: 655 - configmaps 656 - namespaces 657 - secrets 658 - serviceaccounts 659 verbs: 660 - get 661 - apiGroups: 662 - "" 663 resources: 664 - secrets 665 - serviceaccounts 666 verbs: 667 - update 668 - apiGroups: 669 - authentication.k8s.io 670 resources: 671 - tokenreviews 672 verbs: 673 - create 674 - apiGroups: 675 - authorization.k8s.io 676 resources: 677 - subjectaccessreviews 678 verbs: 679 - create 680 - apiGroups: 681 - '*' 682 resources: 683 - '*' 684 verbs: 685 - list 686 - watch 687 - apiGroups: 688 - "" 689 resources: 690 - serviceaccounts/token 691 verbs: 692 - create 693 - apiVersion: rbac.authorization.k8s.io/v1 694 kind: ClusterRole 695 metadata: 696 annotations: 697 rbac.authorization.kubernetes.io/autoupdate: "true" 698 creationTimestamp: null 699 labels: 700 kubernetes.io/bootstrapping: rbac-defaults 701 name: system:kube-dns 702 rules: 703 - apiGroups: 704 - "" 705 resources: 706 - endpoints 707 - services 708 verbs: 709 - list 710 - watch 711 - apiVersion: rbac.authorization.k8s.io/v1 712 kind: ClusterRole 713 metadata: 714 annotations: 715 rbac.authorization.kubernetes.io/autoupdate: "true" 716 creationTimestamp: null 717 labels: 718 kubernetes.io/bootstrapping: rbac-defaults 719 name: system:kube-scheduler 720 rules: 721 - apiGroups: 722 - "" 723 - events.k8s.io 724 resources: 725 - events 726 verbs: 727 - create 728 - patch 729 - update 730 - apiGroups: 731 - coordination.k8s.io 732 resources: 733 - leases 734 verbs: 735 - create 736 - apiGroups: 737 - coordination.k8s.io 738 resourceNames: 739 - kube-scheduler 740 resources: 741 - leases 742 verbs: 743 - get 744 - update 745 - apiGroups: 746 - "" 747 resources: 748 - nodes 749 verbs: 750 - get 751 - list 752 - watch 753 - apiGroups: 754 - "" 755 resources: 756 - pods 757 verbs: 758 - delete 759 - get 760 - list 761 - watch 762 - apiGroups: 763 - "" 764 resources: 765 - bindings 766 - pods/binding 767 verbs: 768 - create 769 - apiGroups: 770 - "" 771 resources: 772 - pods/status 773 verbs: 774 - patch 775 - update 776 - apiGroups: 777 - "" 778 resources: 779 - replicationcontrollers 780 - services 781 verbs: 782 - get 783 - list 784 - watch 785 - apiGroups: 786 - apps 787 - extensions 788 resources: 789 - replicasets 790 verbs: 791 - get 792 - list 793 - watch 794 - apiGroups: 795 - apps 796 resources: 797 - statefulsets 798 verbs: 799 - get 800 - list 801 - watch 802 - apiGroups: 803 - policy 804 resources: 805 - poddisruptionbudgets 806 verbs: 807 - get 808 - list 809 - watch 810 - apiGroups: 811 - "" 812 resources: 813 - persistentvolumeclaims 814 - persistentvolumes 815 verbs: 816 - get 817 - list 818 - watch 819 - apiGroups: 820 - authentication.k8s.io 821 resources: 822 - tokenreviews 823 verbs: 824 - create 825 - apiGroups: 826 - authorization.k8s.io 827 resources: 828 - subjectaccessreviews 829 verbs: 830 - create 831 - apiGroups: 832 - storage.k8s.io 833 resources: 834 - csinodes 835 verbs: 836 - get 837 - list 838 - watch 839 - apiGroups: 840 - "" 841 resources: 842 - namespaces 843 verbs: 844 - get 845 - list 846 - watch 847 - apiGroups: 848 - storage.k8s.io 849 resources: 850 - csidrivers 851 verbs: 852 - get 853 - list 854 - watch 855 - apiGroups: 856 - storage.k8s.io 857 resources: 858 - csistoragecapacities 859 verbs: 860 - get 861 - list 862 - watch 863 - apiVersion: rbac.authorization.k8s.io/v1 864 kind: ClusterRole 865 metadata: 866 annotations: 867 rbac.authorization.kubernetes.io/autoupdate: "true" 868 creationTimestamp: null 869 labels: 870 kubernetes.io/bootstrapping: rbac-defaults 871 name: system:kubelet-api-admin 872 rules: 873 - apiGroups: 874 - "" 875 resources: 876 - nodes 877 verbs: 878 - get 879 - list 880 - watch 881 - apiGroups: 882 - "" 883 resources: 884 - nodes 885 verbs: 886 - proxy 887 - apiGroups: 888 - "" 889 resources: 890 - nodes/log 891 - nodes/metrics 892 - nodes/proxy 893 - nodes/stats 894 verbs: 895 - '*' 896 - apiVersion: rbac.authorization.k8s.io/v1 897 kind: ClusterRole 898 metadata: 899 annotations: 900 rbac.authorization.kubernetes.io/autoupdate: "true" 901 creationTimestamp: null 902 labels: 903 kubernetes.io/bootstrapping: rbac-defaults 904 name: system:monitoring 905 rules: 906 - nonResourceURLs: 907 - /healthz 908 - /healthz/* 909 - /livez 910 - /livez/* 911 - /metrics 912 - /metrics/slis 913 - /readyz 914 - /readyz/* 915 verbs: 916 - get 917 - apiVersion: rbac.authorization.k8s.io/v1 918 kind: ClusterRole 919 metadata: 920 annotations: 921 rbac.authorization.kubernetes.io/autoupdate: "true" 922 creationTimestamp: null 923 labels: 924 kubernetes.io/bootstrapping: rbac-defaults 925 name: system:node 926 rules: 927 - apiGroups: 928 - authentication.k8s.io 929 resources: 930 - tokenreviews 931 verbs: 932 - create 933 - apiGroups: 934 - authorization.k8s.io 935 resources: 936 - localsubjectaccessreviews 937 - subjectaccessreviews 938 verbs: 939 - create 940 - apiGroups: 941 - "" 942 resources: 943 - services 944 verbs: 945 - get 946 - list 947 - watch 948 - apiGroups: 949 - "" 950 resources: 951 - nodes 952 verbs: 953 - create 954 - get 955 - list 956 - watch 957 - apiGroups: 958 - "" 959 resources: 960 - nodes/status 961 verbs: 962 - patch 963 - update 964 - apiGroups: 965 - "" 966 resources: 967 - nodes 968 verbs: 969 - patch 970 - update 971 - apiGroups: 972 - "" 973 resources: 974 - events 975 verbs: 976 - create 977 - patch 978 - update 979 - apiGroups: 980 - "" 981 resources: 982 - pods 983 verbs: 984 - get 985 - list 986 - watch 987 - apiGroups: 988 - "" 989 resources: 990 - pods 991 verbs: 992 - create 993 - delete 994 - apiGroups: 995 - "" 996 resources: 997 - pods/status 998 verbs: 999 - patch 1000 - update 1001 - apiGroups: 1002 - "" 1003 resources: 1004 - pods/eviction 1005 verbs: 1006 - create 1007 - apiGroups: 1008 - "" 1009 resources: 1010 - configmaps 1011 - secrets 1012 verbs: 1013 - get 1014 - list 1015 - watch 1016 - apiGroups: 1017 - "" 1018 resources: 1019 - persistentvolumeclaims 1020 - persistentvolumes 1021 verbs: 1022 - get 1023 - apiGroups: 1024 - "" 1025 resources: 1026 - endpoints 1027 verbs: 1028 - get 1029 - apiGroups: 1030 - certificates.k8s.io 1031 resources: 1032 - certificatesigningrequests 1033 verbs: 1034 - create 1035 - get 1036 - list 1037 - watch 1038 - apiGroups: 1039 - coordination.k8s.io 1040 resources: 1041 - leases 1042 verbs: 1043 - create 1044 - delete 1045 - get 1046 - patch 1047 - update 1048 - apiGroups: 1049 - storage.k8s.io 1050 resources: 1051 - volumeattachments 1052 verbs: 1053 - get 1054 - apiGroups: 1055 - "" 1056 resources: 1057 - serviceaccounts/token 1058 verbs: 1059 - create 1060 - apiGroups: 1061 - "" 1062 resources: 1063 - persistentvolumeclaims/status 1064 verbs: 1065 - get 1066 - patch 1067 - update 1068 - apiGroups: 1069 - storage.k8s.io 1070 resources: 1071 - csidrivers 1072 verbs: 1073 - get 1074 - list 1075 - watch 1076 - apiGroups: 1077 - storage.k8s.io 1078 resources: 1079 - csinodes 1080 verbs: 1081 - create 1082 - delete 1083 - get 1084 - patch 1085 - update 1086 - apiGroups: 1087 - node.k8s.io 1088 resources: 1089 - runtimeclasses 1090 verbs: 1091 - get 1092 - list 1093 - watch 1094 - apiVersion: rbac.authorization.k8s.io/v1 1095 kind: ClusterRole 1096 metadata: 1097 annotations: 1098 rbac.authorization.kubernetes.io/autoupdate: "true" 1099 creationTimestamp: null 1100 labels: 1101 kubernetes.io/bootstrapping: rbac-defaults 1102 name: system:node-bootstrapper 1103 rules: 1104 - apiGroups: 1105 - certificates.k8s.io 1106 resources: 1107 - certificatesigningrequests 1108 verbs: 1109 - create 1110 - get 1111 - list 1112 - watch 1113 - apiVersion: rbac.authorization.k8s.io/v1 1114 kind: ClusterRole 1115 metadata: 1116 annotations: 1117 rbac.authorization.kubernetes.io/autoupdate: "true" 1118 creationTimestamp: null 1119 labels: 1120 kubernetes.io/bootstrapping: rbac-defaults 1121 name: system:node-problem-detector 1122 rules: 1123 - apiGroups: 1124 - "" 1125 resources: 1126 - nodes 1127 verbs: 1128 - get 1129 - apiGroups: 1130 - "" 1131 resources: 1132 - nodes/status 1133 verbs: 1134 - patch 1135 - apiGroups: 1136 - "" 1137 - events.k8s.io 1138 resources: 1139 - events 1140 verbs: 1141 - create 1142 - patch 1143 - update 1144 - apiVersion: rbac.authorization.k8s.io/v1 1145 kind: ClusterRole 1146 metadata: 1147 annotations: 1148 rbac.authorization.kubernetes.io/autoupdate: "true" 1149 creationTimestamp: null 1150 labels: 1151 kubernetes.io/bootstrapping: rbac-defaults 1152 name: system:node-proxier 1153 rules: 1154 - apiGroups: 1155 - "" 1156 resources: 1157 - endpoints 1158 - services 1159 verbs: 1160 - list 1161 - watch 1162 - apiGroups: 1163 - "" 1164 resources: 1165 - nodes 1166 verbs: 1167 - get 1168 - list 1169 - watch 1170 - apiGroups: 1171 - "" 1172 - events.k8s.io 1173 resources: 1174 - events 1175 verbs: 1176 - create 1177 - patch 1178 - update 1179 - apiGroups: 1180 - discovery.k8s.io 1181 resources: 1182 - endpointslices 1183 verbs: 1184 - list 1185 - watch 1186 - apiVersion: rbac.authorization.k8s.io/v1 1187 kind: ClusterRole 1188 metadata: 1189 annotations: 1190 rbac.authorization.kubernetes.io/autoupdate: "true" 1191 creationTimestamp: null 1192 labels: 1193 kubernetes.io/bootstrapping: rbac-defaults 1194 name: system:persistent-volume-provisioner 1195 rules: 1196 - apiGroups: 1197 - "" 1198 resources: 1199 - persistentvolumes 1200 verbs: 1201 - create 1202 - delete 1203 - get 1204 - list 1205 - watch 1206 - apiGroups: 1207 - "" 1208 resources: 1209 - persistentvolumeclaims 1210 verbs: 1211 - get 1212 - list 1213 - update 1214 - watch 1215 - apiGroups: 1216 - storage.k8s.io 1217 resources: 1218 - storageclasses 1219 verbs: 1220 - get 1221 - list 1222 - watch 1223 - apiGroups: 1224 - "" 1225 resources: 1226 - events 1227 verbs: 1228 - watch 1229 - apiGroups: 1230 - "" 1231 - events.k8s.io 1232 resources: 1233 - events 1234 verbs: 1235 - create 1236 - patch 1237 - update 1238 - apiVersion: rbac.authorization.k8s.io/v1 1239 kind: ClusterRole 1240 metadata: 1241 annotations: 1242 rbac.authorization.kubernetes.io/autoupdate: "true" 1243 creationTimestamp: null 1244 labels: 1245 kubernetes.io/bootstrapping: rbac-defaults 1246 name: system:public-info-viewer 1247 rules: 1248 - nonResourceURLs: 1249 - /healthz 1250 - /livez 1251 - /readyz 1252 - /version 1253 - /version/ 1254 verbs: 1255 - get 1256 - apiVersion: rbac.authorization.k8s.io/v1 1257 kind: ClusterRole 1258 metadata: 1259 annotations: 1260 rbac.authorization.kubernetes.io/autoupdate: "true" 1261 creationTimestamp: null 1262 labels: 1263 kubernetes.io/bootstrapping: rbac-defaults 1264 name: system:service-account-issuer-discovery 1265 rules: 1266 - nonResourceURLs: 1267 - /.well-known/openid-configuration 1268 - /.well-known/openid-configuration/ 1269 - /openid/v1/jwks 1270 - /openid/v1/jwks/ 1271 verbs: 1272 - get 1273 - apiVersion: rbac.authorization.k8s.io/v1 1274 kind: ClusterRole 1275 metadata: 1276 annotations: 1277 rbac.authorization.kubernetes.io/autoupdate: "true" 1278 creationTimestamp: null 1279 labels: 1280 kubernetes.io/bootstrapping: rbac-defaults 1281 name: system:volume-scheduler 1282 rules: 1283 - apiGroups: 1284 - "" 1285 resources: 1286 - persistentvolumes 1287 verbs: 1288 - get 1289 - list 1290 - patch 1291 - update 1292 - watch 1293 - apiGroups: 1294 - storage.k8s.io 1295 resources: 1296 - storageclasses 1297 verbs: 1298 - get 1299 - list 1300 - watch 1301 - apiGroups: 1302 - "" 1303 resources: 1304 - persistentvolumeclaims 1305 verbs: 1306 - get 1307 - list 1308 - patch 1309 - update 1310 - watch 1311 - aggregationRule: 1312 clusterRoleSelectors: 1313 - matchLabels: 1314 rbac.authorization.k8s.io/aggregate-to-view: "true" 1315 apiVersion: rbac.authorization.k8s.io/v1 1316 kind: ClusterRole 1317 metadata: 1318 annotations: 1319 rbac.authorization.kubernetes.io/autoupdate: "true" 1320 creationTimestamp: null 1321 labels: 1322 kubernetes.io/bootstrapping: rbac-defaults 1323 rbac.authorization.k8s.io/aggregate-to-edit: "true" 1324 name: view 1325 rules: null 1326 kind: List 1327 metadata: {}