kube/cluster-role-bindings.yml

90 lines
1.7 KiB
YAML

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-admins
subjects:
- kind: Group
name: "k-space:kubernetes:admins"
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
---
# AD/Samba group "Developers" members have view access for everything
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-developers
subjects:
- kind: Group
name: Developers
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: view
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: developers
namespace: camtiler
subjects:
- kind: Group
name: Developers
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: developers
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: developers
namespace: members-site
subjects:
- kind: Group
name: Developers
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: developers
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: developers
rules:
- verbs:
- create
- delete
- patch
- update
apiGroups:
- ''
resources:
- configmaps
- pods/attach
- pods/exec
- pods/portforward
- pods/proxy
- verbs:
- patch
apiGroups:
- apps
resources:
- deployments
- statefulsets
- deployments/scale
- statefulsets/scale
- verbs:
- delete
apiGroups:
- ''
resources:
- pods