Initial commit

cluster-role-bindings.yml

@@ -0,0 +1,90 @@
+---
+# AD/Samba group "Kubernetes Admins" members have full access
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-admins
+subjects:
+- kind: Group
+  name: "Kubernetes Admins"
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+---
+# AD/Samba group "Developers" members have view access for everything
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-developers
+subjects:
+- kind: Group
+  name: Developers
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: view
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: developers
+  namespace: camtiler
+subjects:
+- kind: Group
+  name: Developers
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: developers
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: developers
+  namespace: members-site
+subjects:
+- kind: Group
+  name: Developers
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: developers
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: developers
+rules:
+  - verbs:
+      - create
+      - delete
+      - patch
+      - update
+    apiGroups:
+      - ''
+    resources:
+      - configmaps
+      - pods/attach
+      - pods/exec
+      - pods/portforward
+      - pods/proxy
+  - verbs:
+      - patch
+    apiGroups:
+      - apps
+    resources:
+      - deployments
+      - statefulsets
+      - deployments/scale
+      - statefulsets/scale
+  - verbs:
+      - delete
+    apiGroups:
+      - ''
+    resources:
+      - pods