k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml (about) 1 apiVersion: v1 2 items: 3 - apiVersion: rbac.authorization.k8s.io/v1 4 kind: ClusterRole 5 metadata: 6 annotations: 7 rbac.authorization.kubernetes.io/autoupdate: "true" 8 creationTimestamp: null 9 labels: 10 kubernetes.io/bootstrapping: rbac-defaults 11 name: system:controller:attachdetach-controller 12 rules: 13 - apiGroups: 14 - "" 15 resources: 16 - persistentvolumeclaims 17 - persistentvolumes 18 verbs: 19 - list 20 - watch 21 - apiGroups: 22 - "" 23 resources: 24 - nodes 25 verbs: 26 - get 27 - list 28 - watch 29 - apiGroups: 30 - "" 31 resources: 32 - nodes/status 33 verbs: 34 - patch 35 - update 36 - apiGroups: 37 - "" 38 resources: 39 - pods 40 verbs: 41 - list 42 - watch 43 - apiGroups: 44 - "" 45 - events.k8s.io 46 resources: 47 - events 48 verbs: 49 - create 50 - patch 51 - update 52 - apiGroups: 53 - storage.k8s.io 54 resources: 55 - volumeattachments 56 verbs: 57 - create 58 - delete 59 - get 60 - list 61 - watch 62 - apiGroups: 63 - storage.k8s.io 64 resources: 65 - csidrivers 66 verbs: 67 - get 68 - list 69 - watch 70 - apiGroups: 71 - storage.k8s.io 72 resources: 73 - csinodes 74 verbs: 75 - get 76 - list 77 - watch 78 - apiVersion: rbac.authorization.k8s.io/v1 79 kind: ClusterRole 80 metadata: 81 annotations: 82 rbac.authorization.kubernetes.io/autoupdate: "true" 83 creationTimestamp: null 84 labels: 85 kubernetes.io/bootstrapping: rbac-defaults 86 name: system:controller:certificate-controller 87 rules: 88 - apiGroups: 89 - certificates.k8s.io 90 resources: 91 - certificatesigningrequests 92 verbs: 93 - delete 94 - get 95 - list 96 - watch 97 - apiGroups: 98 - certificates.k8s.io 99 resources: 100 - certificatesigningrequests/approval 101 - certificatesigningrequests/status 102 verbs: 103 - update 104 - apiGroups: 105 - certificates.k8s.io 106 resourceNames: 107 - kubernetes.io/kube-apiserver-client-kubelet 108 resources: 109 - signers 110 verbs: 111 - approve 112 - apiGroups: 113 - certificates.k8s.io 114 resourceNames: 115 - kubernetes.io/kube-apiserver-client 116 - kubernetes.io/kube-apiserver-client-kubelet 117 - kubernetes.io/kubelet-serving 118 - kubernetes.io/legacy-unknown 119 resources: 120 - signers 121 verbs: 122 - sign 123 - apiGroups: 124 - authorization.k8s.io 125 resources: 126 - subjectaccessreviews 127 verbs: 128 - create 129 - apiGroups: 130 - "" 131 - events.k8s.io 132 resources: 133 - events 134 verbs: 135 - create 136 - patch 137 - update 138 - apiVersion: rbac.authorization.k8s.io/v1 139 kind: ClusterRole 140 metadata: 141 annotations: 142 rbac.authorization.kubernetes.io/autoupdate: "true" 143 creationTimestamp: null 144 labels: 145 kubernetes.io/bootstrapping: rbac-defaults 146 name: system:controller:clusterrole-aggregation-controller 147 rules: 148 - apiGroups: 149 - rbac.authorization.k8s.io 150 resources: 151 - clusterroles 152 verbs: 153 - escalate 154 - get 155 - list 156 - patch 157 - update 158 - watch 159 - apiVersion: rbac.authorization.k8s.io/v1 160 kind: ClusterRole 161 metadata: 162 annotations: 163 rbac.authorization.kubernetes.io/autoupdate: "true" 164 creationTimestamp: null 165 labels: 166 kubernetes.io/bootstrapping: rbac-defaults 167 name: system:controller:cronjob-controller 168 rules: 169 - apiGroups: 170 - batch 171 resources: 172 - cronjobs 173 verbs: 174 - get 175 - list 176 - update 177 - watch 178 - apiGroups: 179 - batch 180 resources: 181 - jobs 182 verbs: 183 - create 184 - delete 185 - get 186 - list 187 - patch 188 - update 189 - watch 190 - apiGroups: 191 - batch 192 resources: 193 - cronjobs/status 194 verbs: 195 - update 196 - apiGroups: 197 - batch 198 resources: 199 - cronjobs/finalizers 200 verbs: 201 - update 202 - apiGroups: 203 - "" 204 resources: 205 - pods 206 verbs: 207 - delete 208 - list 209 - apiGroups: 210 - "" 211 - events.k8s.io 212 resources: 213 - events 214 verbs: 215 - create 216 - patch 217 - update 218 - apiVersion: rbac.authorization.k8s.io/v1 219 kind: ClusterRole 220 metadata: 221 annotations: 222 rbac.authorization.kubernetes.io/autoupdate: "true" 223 creationTimestamp: null 224 labels: 225 kubernetes.io/bootstrapping: rbac-defaults 226 name: system:controller:daemon-set-controller 227 rules: 228 - apiGroups: 229 - apps 230 - extensions 231 resources: 232 - daemonsets 233 verbs: 234 - get 235 - list 236 - watch 237 - apiGroups: 238 - apps 239 - extensions 240 resources: 241 - daemonsets/status 242 verbs: 243 - update 244 - apiGroups: 245 - apps 246 - extensions 247 resources: 248 - daemonsets/finalizers 249 verbs: 250 - update 251 - apiGroups: 252 - "" 253 resources: 254 - nodes 255 verbs: 256 - list 257 - watch 258 - apiGroups: 259 - "" 260 resources: 261 - pods 262 verbs: 263 - create 264 - delete 265 - list 266 - patch 267 - watch 268 - apiGroups: 269 - "" 270 resources: 271 - pods/binding 272 verbs: 273 - create 274 - apiGroups: 275 - apps 276 resources: 277 - controllerrevisions 278 verbs: 279 - create 280 - delete 281 - get 282 - list 283 - patch 284 - update 285 - watch 286 - apiGroups: 287 - "" 288 - events.k8s.io 289 resources: 290 - events 291 verbs: 292 - create 293 - patch 294 - update 295 - apiVersion: rbac.authorization.k8s.io/v1 296 kind: ClusterRole 297 metadata: 298 annotations: 299 rbac.authorization.kubernetes.io/autoupdate: "true" 300 creationTimestamp: null 301 labels: 302 kubernetes.io/bootstrapping: rbac-defaults 303 name: system:controller:deployment-controller 304 rules: 305 - apiGroups: 306 - apps 307 - extensions 308 resources: 309 - deployments 310 verbs: 311 - get 312 - list 313 - update 314 - watch 315 - apiGroups: 316 - apps 317 - extensions 318 resources: 319 - deployments/status 320 verbs: 321 - update 322 - apiGroups: 323 - apps 324 - extensions 325 resources: 326 - deployments/finalizers 327 verbs: 328 - update 329 - apiGroups: 330 - apps 331 - extensions 332 resources: 333 - replicasets 334 verbs: 335 - create 336 - delete 337 - get 338 - list 339 - patch 340 - update 341 - watch 342 - apiGroups: 343 - "" 344 resources: 345 - pods 346 verbs: 347 - get 348 - list 349 - update 350 - watch 351 - apiGroups: 352 - "" 353 - events.k8s.io 354 resources: 355 - events 356 verbs: 357 - create 358 - patch 359 - update 360 - apiVersion: rbac.authorization.k8s.io/v1 361 kind: ClusterRole 362 metadata: 363 annotations: 364 rbac.authorization.kubernetes.io/autoupdate: "true" 365 creationTimestamp: null 366 labels: 367 kubernetes.io/bootstrapping: rbac-defaults 368 name: system:controller:disruption-controller 369 rules: 370 - apiGroups: 371 - apps 372 - extensions 373 resources: 374 - deployments 375 verbs: 376 - get 377 - list 378 - watch 379 - apiGroups: 380 - apps 381 - extensions 382 resources: 383 - replicasets 384 verbs: 385 - get 386 - list 387 - watch 388 - apiGroups: 389 - "" 390 resources: 391 - replicationcontrollers 392 verbs: 393 - get 394 - list 395 - watch 396 - apiGroups: 397 - policy 398 resources: 399 - poddisruptionbudgets 400 verbs: 401 - get 402 - list 403 - watch 404 - apiGroups: 405 - apps 406 resources: 407 - statefulsets 408 verbs: 409 - get 410 - list 411 - watch 412 - apiGroups: 413 - policy 414 resources: 415 - poddisruptionbudgets/status 416 verbs: 417 - update 418 - apiGroups: 419 - '*' 420 resources: 421 - '*/scale' 422 verbs: 423 - get 424 - apiGroups: 425 - "" 426 - events.k8s.io 427 resources: 428 - events 429 verbs: 430 - create 431 - patch 432 - update 433 - apiGroups: 434 - "" 435 resources: 436 - pods/status 437 verbs: 438 - patch 439 - update 440 - apiVersion: rbac.authorization.k8s.io/v1 441 kind: ClusterRole 442 metadata: 443 annotations: 444 rbac.authorization.kubernetes.io/autoupdate: "true" 445 creationTimestamp: null 446 labels: 447 kubernetes.io/bootstrapping: rbac-defaults 448 name: system:controller:endpoint-controller 449 rules: 450 - apiGroups: 451 - "" 452 resources: 453 - pods 454 - services 455 verbs: 456 - get 457 - list 458 - watch 459 - apiGroups: 460 - "" 461 resources: 462 - endpoints 463 verbs: 464 - create 465 - delete 466 - get 467 - list 468 - update 469 - apiGroups: 470 - "" 471 resources: 472 - endpoints/restricted 473 verbs: 474 - create 475 - apiGroups: 476 - "" 477 - events.k8s.io 478 resources: 479 - events 480 verbs: 481 - create 482 - patch 483 - update 484 - apiVersion: rbac.authorization.k8s.io/v1 485 kind: ClusterRole 486 metadata: 487 annotations: 488 rbac.authorization.kubernetes.io/autoupdate: "true" 489 creationTimestamp: null 490 labels: 491 kubernetes.io/bootstrapping: rbac-defaults 492 name: system:controller:endpointslice-controller 493 rules: 494 - apiGroups: 495 - "" 496 resources: 497 - nodes 498 - pods 499 - services 500 verbs: 501 - get 502 - list 503 - watch 504 - apiGroups: 505 - "" 506 resources: 507 - services/finalizers 508 verbs: 509 - update 510 - apiGroups: 511 - discovery.k8s.io 512 resources: 513 - endpointslices 514 verbs: 515 - create 516 - delete 517 - get 518 - list 519 - update 520 - apiGroups: 521 - "" 522 - events.k8s.io 523 resources: 524 - events 525 verbs: 526 - create 527 - patch 528 - update 529 - apiVersion: rbac.authorization.k8s.io/v1 530 kind: ClusterRole 531 metadata: 532 annotations: 533 rbac.authorization.kubernetes.io/autoupdate: "true" 534 creationTimestamp: null 535 labels: 536 kubernetes.io/bootstrapping: rbac-defaults 537 name: system:controller:endpointslicemirroring-controller 538 rules: 539 - apiGroups: 540 - "" 541 resources: 542 - endpoints 543 - services 544 verbs: 545 - get 546 - list 547 - watch 548 - apiGroups: 549 - "" 550 resources: 551 - services/finalizers 552 verbs: 553 - update 554 - apiGroups: 555 - "" 556 resources: 557 - endpoints/finalizers 558 verbs: 559 - update 560 - apiGroups: 561 - discovery.k8s.io 562 resources: 563 - endpointslices 564 verbs: 565 - create 566 - delete 567 - get 568 - list 569 - update 570 - apiGroups: 571 - "" 572 - events.k8s.io 573 resources: 574 - events 575 verbs: 576 - create 577 - patch 578 - update 579 - apiVersion: rbac.authorization.k8s.io/v1 580 kind: ClusterRole 581 metadata: 582 annotations: 583 rbac.authorization.kubernetes.io/autoupdate: "true" 584 creationTimestamp: null 585 labels: 586 kubernetes.io/bootstrapping: rbac-defaults 587 name: system:controller:ephemeral-volume-controller 588 rules: 589 - apiGroups: 590 - "" 591 resources: 592 - pods 593 verbs: 594 - get 595 - list 596 - watch 597 - apiGroups: 598 - "" 599 resources: 600 - pods/finalizers 601 verbs: 602 - update 603 - apiGroups: 604 - "" 605 resources: 606 - persistentvolumeclaims 607 verbs: 608 - create 609 - get 610 - list 611 - watch 612 - apiGroups: 613 - "" 614 - events.k8s.io 615 resources: 616 - events 617 verbs: 618 - create 619 - patch 620 - update 621 - apiVersion: rbac.authorization.k8s.io/v1 622 kind: ClusterRole 623 metadata: 624 annotations: 625 rbac.authorization.kubernetes.io/autoupdate: "true" 626 creationTimestamp: null 627 labels: 628 kubernetes.io/bootstrapping: rbac-defaults 629 name: system:controller:expand-controller 630 rules: 631 - apiGroups: 632 - "" 633 resources: 634 - persistentvolumes 635 verbs: 636 - get 637 - list 638 - patch 639 - update 640 - watch 641 - apiGroups: 642 - "" 643 resources: 644 - persistentvolumeclaims/status 645 verbs: 646 - patch 647 - update 648 - apiGroups: 649 - "" 650 resources: 651 - persistentvolumeclaims 652 verbs: 653 - get 654 - list 655 - watch 656 - apiGroups: 657 - storage.k8s.io 658 resources: 659 - storageclasses 660 verbs: 661 - get 662 - list 663 - watch 664 - apiGroups: 665 - "" 666 resources: 667 - endpoints 668 - services 669 verbs: 670 - get 671 - apiGroups: 672 - "" 673 resources: 674 - secrets 675 verbs: 676 - get 677 - apiGroups: 678 - "" 679 - events.k8s.io 680 resources: 681 - events 682 verbs: 683 - create 684 - patch 685 - update 686 - apiVersion: rbac.authorization.k8s.io/v1 687 kind: ClusterRole 688 metadata: 689 annotations: 690 rbac.authorization.kubernetes.io/autoupdate: "true" 691 creationTimestamp: null 692 labels: 693 kubernetes.io/bootstrapping: rbac-defaults 694 name: system:controller:generic-garbage-collector 695 rules: 696 - apiGroups: 697 - '*' 698 resources: 699 - '*' 700 verbs: 701 - delete 702 - get 703 - list 704 - patch 705 - update 706 - watch 707 - apiGroups: 708 - "" 709 - events.k8s.io 710 resources: 711 - events 712 verbs: 713 - create 714 - patch 715 - update 716 - apiVersion: rbac.authorization.k8s.io/v1 717 kind: ClusterRole 718 metadata: 719 annotations: 720 rbac.authorization.kubernetes.io/autoupdate: "true" 721 creationTimestamp: null 722 labels: 723 kubernetes.io/bootstrapping: rbac-defaults 724 name: system:controller:horizontal-pod-autoscaler 725 rules: 726 - apiGroups: 727 - autoscaling 728 resources: 729 - horizontalpodautoscalers 730 verbs: 731 - get 732 - list 733 - watch 734 - apiGroups: 735 - autoscaling 736 resources: 737 - horizontalpodautoscalers/status 738 verbs: 739 - update 740 - apiGroups: 741 - '*' 742 resources: 743 - '*/scale' 744 verbs: 745 - get 746 - update 747 - apiGroups: 748 - "" 749 resources: 750 - pods 751 verbs: 752 - list 753 - apiGroups: 754 - metrics.k8s.io 755 resources: 756 - pods 757 verbs: 758 - list 759 - apiGroups: 760 - custom.metrics.k8s.io 761 resources: 762 - '*' 763 verbs: 764 - get 765 - list 766 - apiGroups: 767 - external.metrics.k8s.io 768 resources: 769 - '*' 770 verbs: 771 - get 772 - list 773 - apiGroups: 774 - "" 775 - events.k8s.io 776 resources: 777 - events 778 verbs: 779 - create 780 - patch 781 - update 782 - apiVersion: rbac.authorization.k8s.io/v1 783 kind: ClusterRole 784 metadata: 785 annotations: 786 rbac.authorization.kubernetes.io/autoupdate: "true" 787 creationTimestamp: null 788 labels: 789 kubernetes.io/bootstrapping: rbac-defaults 790 name: system:controller:job-controller 791 rules: 792 - apiGroups: 793 - batch 794 resources: 795 - jobs 796 verbs: 797 - get 798 - list 799 - patch 800 - update 801 - watch 802 - apiGroups: 803 - batch 804 resources: 805 - jobs/status 806 verbs: 807 - update 808 - apiGroups: 809 - batch 810 resources: 811 - jobs/finalizers 812 verbs: 813 - update 814 - apiGroups: 815 - "" 816 resources: 817 - pods 818 verbs: 819 - create 820 - delete 821 - list 822 - patch 823 - watch 824 - apiGroups: 825 - "" 826 - events.k8s.io 827 resources: 828 - events 829 verbs: 830 - create 831 - patch 832 - update 833 - apiVersion: rbac.authorization.k8s.io/v1 834 kind: ClusterRole 835 metadata: 836 annotations: 837 rbac.authorization.kubernetes.io/autoupdate: "true" 838 creationTimestamp: null 839 labels: 840 kubernetes.io/bootstrapping: rbac-defaults 841 name: system:controller:legacy-service-account-token-cleaner 842 rules: 843 - apiGroups: 844 - "" 845 resourceNames: 846 - kube-apiserver-legacy-service-account-token-tracking 847 resources: 848 - configmaps 849 verbs: 850 - get 851 - apiGroups: 852 - "" 853 resources: 854 - secrets 855 verbs: 856 - delete 857 - patch 858 - apiVersion: rbac.authorization.k8s.io/v1 859 kind: ClusterRole 860 metadata: 861 annotations: 862 rbac.authorization.kubernetes.io/autoupdate: "true" 863 creationTimestamp: null 864 labels: 865 kubernetes.io/bootstrapping: rbac-defaults 866 name: system:controller:namespace-controller 867 rules: 868 - apiGroups: 869 - "" 870 resources: 871 - namespaces 872 verbs: 873 - delete 874 - get 875 - list 876 - watch 877 - apiGroups: 878 - "" 879 resources: 880 - namespaces/finalize 881 - namespaces/status 882 verbs: 883 - update 884 - apiGroups: 885 - '*' 886 resources: 887 - '*' 888 verbs: 889 - delete 890 - deletecollection 891 - get 892 - list 893 - apiVersion: rbac.authorization.k8s.io/v1 894 kind: ClusterRole 895 metadata: 896 annotations: 897 rbac.authorization.kubernetes.io/autoupdate: "true" 898 creationTimestamp: null 899 labels: 900 kubernetes.io/bootstrapping: rbac-defaults 901 name: system:controller:node-controller 902 rules: 903 - apiGroups: 904 - "" 905 resources: 906 - nodes 907 verbs: 908 - delete 909 - get 910 - list 911 - patch 912 - update 913 - apiGroups: 914 - "" 915 resources: 916 - nodes/status 917 verbs: 918 - patch 919 - update 920 - apiGroups: 921 - "" 922 resources: 923 - pods/status 924 verbs: 925 - patch 926 - update 927 - apiGroups: 928 - "" 929 resources: 930 - pods 931 verbs: 932 - delete 933 - list 934 - apiGroups: 935 - "" 936 - events.k8s.io 937 resources: 938 - events 939 verbs: 940 - create 941 - patch 942 - update 943 - apiGroups: 944 - "" 945 resources: 946 - pods 947 verbs: 948 - get 949 - apiVersion: rbac.authorization.k8s.io/v1 950 kind: ClusterRole 951 metadata: 952 annotations: 953 rbac.authorization.kubernetes.io/autoupdate: "true" 954 creationTimestamp: null 955 labels: 956 kubernetes.io/bootstrapping: rbac-defaults 957 name: system:controller:persistent-volume-binder 958 rules: 959 - apiGroups: 960 - "" 961 resources: 962 - persistentvolumes 963 verbs: 964 - create 965 - delete 966 - get 967 - list 968 - update 969 - watch 970 - apiGroups: 971 - "" 972 resources: 973 - persistentvolumes/status 974 verbs: 975 - update 976 - apiGroups: 977 - "" 978 resources: 979 - persistentvolumeclaims 980 verbs: 981 - get 982 - list 983 - update 984 - watch 985 - apiGroups: 986 - "" 987 resources: 988 - persistentvolumeclaims/status 989 verbs: 990 - update 991 - apiGroups: 992 - "" 993 resources: 994 - pods 995 verbs: 996 - create 997 - delete 998 - get 999 - list 1000 - watch 1001 - apiGroups: 1002 - storage.k8s.io 1003 resources: 1004 - storageclasses 1005 verbs: 1006 - get 1007 - list 1008 - watch 1009 - apiGroups: 1010 - "" 1011 resources: 1012 - endpoints 1013 verbs: 1014 - create 1015 - delete 1016 - get 1017 - update 1018 - apiGroups: 1019 - "" 1020 resources: 1021 - services 1022 verbs: 1023 - create 1024 - delete 1025 - get 1026 - apiGroups: 1027 - "" 1028 resources: 1029 - secrets 1030 verbs: 1031 - get 1032 - apiGroups: 1033 - "" 1034 resources: 1035 - nodes 1036 verbs: 1037 - get 1038 - list 1039 - apiGroups: 1040 - "" 1041 resources: 1042 - events 1043 verbs: 1044 - watch 1045 - apiGroups: 1046 - "" 1047 - events.k8s.io 1048 resources: 1049 - events 1050 verbs: 1051 - create 1052 - patch 1053 - update 1054 - apiVersion: rbac.authorization.k8s.io/v1 1055 kind: ClusterRole 1056 metadata: 1057 annotations: 1058 rbac.authorization.kubernetes.io/autoupdate: "true" 1059 creationTimestamp: null 1060 labels: 1061 kubernetes.io/bootstrapping: rbac-defaults 1062 name: system:controller:pod-garbage-collector 1063 rules: 1064 - apiGroups: 1065 - "" 1066 resources: 1067 - pods 1068 verbs: 1069 - delete 1070 - list 1071 - watch 1072 - apiGroups: 1073 - "" 1074 resources: 1075 - nodes 1076 verbs: 1077 - get 1078 - list 1079 - apiGroups: 1080 - "" 1081 resources: 1082 - pods/status 1083 verbs: 1084 - patch 1085 - apiVersion: rbac.authorization.k8s.io/v1 1086 kind: ClusterRole 1087 metadata: 1088 annotations: 1089 rbac.authorization.kubernetes.io/autoupdate: "true" 1090 creationTimestamp: null 1091 labels: 1092 kubernetes.io/bootstrapping: rbac-defaults 1093 name: system:controller:pv-protection-controller 1094 rules: 1095 - apiGroups: 1096 - "" 1097 resources: 1098 - persistentvolumes 1099 verbs: 1100 - get 1101 - list 1102 - update 1103 - watch 1104 - apiGroups: 1105 - "" 1106 - events.k8s.io 1107 resources: 1108 - events 1109 verbs: 1110 - create 1111 - patch 1112 - update 1113 - apiVersion: rbac.authorization.k8s.io/v1 1114 kind: ClusterRole 1115 metadata: 1116 annotations: 1117 rbac.authorization.kubernetes.io/autoupdate: "true" 1118 creationTimestamp: null 1119 labels: 1120 kubernetes.io/bootstrapping: rbac-defaults 1121 name: system:controller:pvc-protection-controller 1122 rules: 1123 - apiGroups: 1124 - "" 1125 resources: 1126 - persistentvolumeclaims 1127 verbs: 1128 - get 1129 - list 1130 - update 1131 - watch 1132 - apiGroups: 1133 - "" 1134 resources: 1135 - pods 1136 verbs: 1137 - get 1138 - list 1139 - watch 1140 - apiGroups: 1141 - "" 1142 - events.k8s.io 1143 resources: 1144 - events 1145 verbs: 1146 - create 1147 - patch 1148 - update 1149 - apiVersion: rbac.authorization.k8s.io/v1 1150 kind: ClusterRole 1151 metadata: 1152 annotations: 1153 rbac.authorization.kubernetes.io/autoupdate: "true" 1154 creationTimestamp: null 1155 labels: 1156 kubernetes.io/bootstrapping: rbac-defaults 1157 name: system:controller:replicaset-controller 1158 rules: 1159 - apiGroups: 1160 - apps 1161 - extensions 1162 resources: 1163 - replicasets 1164 verbs: 1165 - get 1166 - list 1167 - update 1168 - watch 1169 - apiGroups: 1170 - apps 1171 - extensions 1172 resources: 1173 - replicasets/status 1174 verbs: 1175 - update 1176 - apiGroups: 1177 - apps 1178 - extensions 1179 resources: 1180 - replicasets/finalizers 1181 verbs: 1182 - update 1183 - apiGroups: 1184 - "" 1185 resources: 1186 - pods 1187 verbs: 1188 - create 1189 - delete 1190 - list 1191 - patch 1192 - watch 1193 - apiGroups: 1194 - "" 1195 - events.k8s.io 1196 resources: 1197 - events 1198 verbs: 1199 - create 1200 - patch 1201 - update 1202 - apiVersion: rbac.authorization.k8s.io/v1 1203 kind: ClusterRole 1204 metadata: 1205 annotations: 1206 rbac.authorization.kubernetes.io/autoupdate: "true" 1207 creationTimestamp: null 1208 labels: 1209 kubernetes.io/bootstrapping: rbac-defaults 1210 name: system:controller:replication-controller 1211 rules: 1212 - apiGroups: 1213 - "" 1214 resources: 1215 - replicationcontrollers 1216 verbs: 1217 - get 1218 - list 1219 - update 1220 - watch 1221 - apiGroups: 1222 - "" 1223 resources: 1224 - replicationcontrollers/status 1225 verbs: 1226 - update 1227 - apiGroups: 1228 - "" 1229 resources: 1230 - replicationcontrollers/finalizers 1231 verbs: 1232 - update 1233 - apiGroups: 1234 - "" 1235 resources: 1236 - pods 1237 verbs: 1238 - create 1239 - delete 1240 - list 1241 - patch 1242 - watch 1243 - apiGroups: 1244 - "" 1245 - events.k8s.io 1246 resources: 1247 - events 1248 verbs: 1249 - create 1250 - patch 1251 - update 1252 - apiVersion: rbac.authorization.k8s.io/v1 1253 kind: ClusterRole 1254 metadata: 1255 annotations: 1256 rbac.authorization.kubernetes.io/autoupdate: "true" 1257 creationTimestamp: null 1258 labels: 1259 kubernetes.io/bootstrapping: rbac-defaults 1260 name: system:controller:resourcequota-controller 1261 rules: 1262 - apiGroups: 1263 - '*' 1264 resources: 1265 - '*' 1266 verbs: 1267 - list 1268 - watch 1269 - apiGroups: 1270 - "" 1271 resources: 1272 - resourcequotas/status 1273 verbs: 1274 - update 1275 - apiGroups: 1276 - "" 1277 - events.k8s.io 1278 resources: 1279 - events 1280 verbs: 1281 - create 1282 - patch 1283 - update 1284 - apiVersion: rbac.authorization.k8s.io/v1 1285 kind: ClusterRole 1286 metadata: 1287 annotations: 1288 rbac.authorization.kubernetes.io/autoupdate: "true" 1289 creationTimestamp: null 1290 labels: 1291 kubernetes.io/bootstrapping: rbac-defaults 1292 name: system:controller:root-ca-cert-publisher 1293 rules: 1294 - apiGroups: 1295 - "" 1296 resources: 1297 - configmaps 1298 verbs: 1299 - create 1300 - update 1301 - apiGroups: 1302 - "" 1303 - events.k8s.io 1304 resources: 1305 - events 1306 verbs: 1307 - create 1308 - patch 1309 - update 1310 - apiVersion: rbac.authorization.k8s.io/v1 1311 kind: ClusterRole 1312 metadata: 1313 annotations: 1314 rbac.authorization.kubernetes.io/autoupdate: "true" 1315 creationTimestamp: null 1316 labels: 1317 kubernetes.io/bootstrapping: rbac-defaults 1318 name: system:controller:route-controller 1319 rules: 1320 - apiGroups: 1321 - "" 1322 resources: 1323 - nodes 1324 verbs: 1325 - list 1326 - watch 1327 - apiGroups: 1328 - "" 1329 resources: 1330 - nodes/status 1331 verbs: 1332 - patch 1333 - apiGroups: 1334 - "" 1335 - events.k8s.io 1336 resources: 1337 - events 1338 verbs: 1339 - create 1340 - patch 1341 - update 1342 - apiVersion: rbac.authorization.k8s.io/v1 1343 kind: ClusterRole 1344 metadata: 1345 annotations: 1346 rbac.authorization.kubernetes.io/autoupdate: "true" 1347 creationTimestamp: null 1348 labels: 1349 kubernetes.io/bootstrapping: rbac-defaults 1350 name: system:controller:service-account-controller 1351 rules: 1352 - apiGroups: 1353 - "" 1354 resources: 1355 - serviceaccounts 1356 verbs: 1357 - create 1358 - apiGroups: 1359 - "" 1360 - events.k8s.io 1361 resources: 1362 - events 1363 verbs: 1364 - create 1365 - patch 1366 - update 1367 - apiVersion: rbac.authorization.k8s.io/v1 1368 kind: ClusterRole 1369 metadata: 1370 annotations: 1371 rbac.authorization.kubernetes.io/autoupdate: "true" 1372 creationTimestamp: null 1373 labels: 1374 kubernetes.io/bootstrapping: rbac-defaults 1375 name: system:controller:service-controller 1376 rules: 1377 - apiGroups: 1378 - "" 1379 resources: 1380 - services 1381 verbs: 1382 - get 1383 - list 1384 - watch 1385 - apiGroups: 1386 - "" 1387 resources: 1388 - services/status 1389 verbs: 1390 - patch 1391 - update 1392 - apiGroups: 1393 - "" 1394 resources: 1395 - nodes 1396 verbs: 1397 - list 1398 - watch 1399 - apiGroups: 1400 - "" 1401 - events.k8s.io 1402 resources: 1403 - events 1404 verbs: 1405 - create 1406 - patch 1407 - update 1408 - apiVersion: rbac.authorization.k8s.io/v1 1409 kind: ClusterRole 1410 metadata: 1411 annotations: 1412 rbac.authorization.kubernetes.io/autoupdate: "true" 1413 creationTimestamp: null 1414 labels: 1415 kubernetes.io/bootstrapping: rbac-defaults 1416 name: system:controller:statefulset-controller 1417 rules: 1418 - apiGroups: 1419 - "" 1420 resources: 1421 - pods 1422 verbs: 1423 - list 1424 - watch 1425 - apiGroups: 1426 - apps 1427 resources: 1428 - statefulsets 1429 verbs: 1430 - get 1431 - list 1432 - watch 1433 - apiGroups: 1434 - apps 1435 resources: 1436 - statefulsets/status 1437 verbs: 1438 - update 1439 - apiGroups: 1440 - apps 1441 resources: 1442 - statefulsets/finalizers 1443 verbs: 1444 - update 1445 - apiGroups: 1446 - "" 1447 resources: 1448 - pods 1449 verbs: 1450 - create 1451 - delete 1452 - get 1453 - patch 1454 - update 1455 - apiGroups: 1456 - apps 1457 resources: 1458 - controllerrevisions 1459 verbs: 1460 - create 1461 - delete 1462 - get 1463 - list 1464 - patch 1465 - update 1466 - watch 1467 - apiGroups: 1468 - "" 1469 resources: 1470 - persistentvolumeclaims 1471 verbs: 1472 - create 1473 - get 1474 - apiGroups: 1475 - "" 1476 - events.k8s.io 1477 resources: 1478 - events 1479 verbs: 1480 - create 1481 - patch 1482 - update 1483 - apiGroups: 1484 - "" 1485 resources: 1486 - persistentvolumeclaims 1487 verbs: 1488 - delete 1489 - update 1490 - apiVersion: rbac.authorization.k8s.io/v1 1491 kind: ClusterRole 1492 metadata: 1493 annotations: 1494 rbac.authorization.kubernetes.io/autoupdate: "true" 1495 creationTimestamp: null 1496 labels: 1497 kubernetes.io/bootstrapping: rbac-defaults 1498 name: system:controller:ttl-after-finished-controller 1499 rules: 1500 - apiGroups: 1501 - batch 1502 resources: 1503 - jobs 1504 verbs: 1505 - delete 1506 - get 1507 - list 1508 - watch 1509 - apiGroups: 1510 - "" 1511 - events.k8s.io 1512 resources: 1513 - events 1514 verbs: 1515 - create 1516 - patch 1517 - update 1518 - apiVersion: rbac.authorization.k8s.io/v1 1519 kind: ClusterRole 1520 metadata: 1521 annotations: 1522 rbac.authorization.kubernetes.io/autoupdate: "true" 1523 creationTimestamp: null 1524 labels: 1525 kubernetes.io/bootstrapping: rbac-defaults 1526 name: system:controller:ttl-controller 1527 rules: 1528 - apiGroups: 1529 - "" 1530 resources: 1531 - nodes 1532 verbs: 1533 - list 1534 - patch 1535 - update 1536 - watch 1537 - apiGroups: 1538 - "" 1539 - events.k8s.io 1540 resources: 1541 - events 1542 verbs: 1543 - create 1544 - patch 1545 - update 1546 - apiVersion: rbac.authorization.k8s.io/v1 1547 kind: ClusterRole 1548 metadata: 1549 annotations: 1550 rbac.authorization.kubernetes.io/autoupdate: "true" 1551 creationTimestamp: null 1552 labels: 1553 kubernetes.io/bootstrapping: rbac-defaults 1554 name: system:controller:validatingadmissionpolicy-status-controller 1555 rules: 1556 - apiGroups: 1557 - admissionregistration.k8s.io 1558 resources: 1559 - validatingadmissionpolicies 1560 verbs: 1561 - get 1562 - list 1563 - watch 1564 - apiGroups: 1565 - admissionregistration.k8s.io 1566 resources: 1567 - validatingadmissionpolicies/status 1568 verbs: 1569 - get 1570 - patch 1571 - update 1572 - apiGroups: 1573 - "" 1574 - events.k8s.io 1575 resources: 1576 - events 1577 verbs: 1578 - create 1579 - patch 1580 - update 1581 kind: List 1582 metadata: {}