AkiEvka

role and role binding

Apr 14th, 2021 (edited)
513
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. kind: ClusterRole
  2. apiVersion: rbac.authorization.k8s.io/v1
  3. metadata:
  4.   name: kubeflow-admin
  5.   uid: uid
  6.   resourceVersion: '19832366'
  7.   creationTimestamp: '2021-03-21T00:37:49Z'
  8.   annotations:
  9.     kubectl.kubernetes.io/last-applied-configuration: >
  10.      {"aggregationRule":{"clusterRoleSelectors":[{"matchLabels":{"rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin":"true"}}]},"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"creationTimestamp":"2021-03-21T00:37:49Z","managedFields":[{"apiVersion":"rbac.authorization.k8s.io/v1","fieldsType":"FieldsV1","fieldsV1":{"f:aggregationRule":{".":{},"f:clusterRoleSelectors":{}},"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}}},"manager":"kfctl","operation":"Update","time":"2021-03-21T07:43:21Z"},{"apiVersion":"rbac.authorization.k8s.io/v1","fieldsType":"FieldsV1","fieldsV1":{"f:rules":{}},"manager":"kube-controller-manager","operation":"Update","time":"2021-03-21T07:43:21Z"}],"name":"kubeflow-admin","selfLink":"/apis/rbac.authorization.k8s.io/v1/clusterroles/kubeflow-admin","uid":"6ace3a69-81b9-47cc-9741-ac16f350dd79"},"rules":[{"apiGroups":["kubeflow.org"],"resources":["poddefaults"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["notebooks","notebooks/finalizers","poddefaults"],"verbs":["get","list","create","delete"]},{"apiGroups":["istio.io","networking.istio.io"],"resources":["*"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["experiments","trials","suggestions"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["serving.kubeflow.org"],"resources":["inferenceservices"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":[""],"resources":["pods/attach","pods/exec","pods/portforward","pods/proxy","secrets","services/proxy"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["serviceaccounts"],"verbs":["impersonate"]},{"apiGroups":[""],"resources":["pods","pods/attach","pods/exec","pods/portforward","pods/proxy"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":[""],"resources":["configmaps","endpoints","persistentvolumeclaims","replicationcontrollers","replicationcontrollers/scale","secrets","serviceaccounts","services","services/proxy"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["apps"],"resources":["daemonsets","deployments","deployments/rollback","deployments/scale","replicasets","replicasets/scale","statefulsets","statefulsets/scale"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["batch"],"resources":["cronjobs","jobs"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["extensions"],"resources":["daemonsets","deployments","deployments/rollback","deployments/scale","ingresses","networkpolicies","replicasets","replicasets/scale","replicationcontrollers/scale"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["policy"],"resources":["poddisruptionbudgets"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses","networkpolicies"],"verbs":["create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["mpijobs","mpijobs/status"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["mxjobs","mxjobs/status"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["pytorchjobs","pytorchjobs/status","pytorchjobs/finalizers"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["tfjobs","tfjobs/status"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["kubeflow.org"],"resources":["notebooks","notebooks/finalizers","poddefaults"],"verbs":["get","list"]},{"apiGroups":["storage.k8s.io"],"resources":["storageclasses"],"verbs":["get","list","watch"]},{"apiGroups":["istio.io","networking.istio.io"],"resources":["*"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["experiments","trials","suggestions"],"verbs":["get","list","watch"]},{"apiGroups":["serving.kubeflow.org"],"resources":["inferenceservices"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["configmaps","endpoints","persistentvolumeclaims","persistentvolumeclaims/status","pods","replicationcontrollers","replicationcontrollers/scale","serviceaccounts","services","services/status"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["bindings","events","limitranges","namespaces/status","pods/log","pods/status","replicationcontrollers/status","resourcequotas","resourcequotas/status"],"verbs":["get","list","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list","watch"]},{"apiGroups":["apps"],"resources":["controllerrevisions","daemonsets","daemonsets/status","deployments","deployments/scale","deployments/status","replicasets","replicasets/scale","replicasets/status","statefulsets","statefulsets/scale","statefulsets/status"],"verbs":["get","list","watch"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers","horizontalpodautoscalers/status"],"verbs":["get","list","watch"]},{"apiGroups":["batch"],"resources":["cronjobs","cronjobs/status","jobs","jobs/status"],"verbs":["get","list","watch"]},{"apiGroups":["extensions"],"resources":["daemonsets","daemonsets/status","deployments","deployments/scale","deployments/status","ingresses","ingresses/status","networkpolicies","replicasets","replicasets/scale","replicasets/status","replicationcontrollers/scale"],"verbs":["get","list","watch"]},{"apiGroups":["policy"],"resources":["poddisruptionbudgets","poddisruptionbudgets/status"],"verbs":["get","list","watch"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses","ingresses/status","networkpolicies"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["mpijobs","mpijobs/status"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["mxjobs","mxjobs/status"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["pytorchjobs","pytorchjobs/status","pytorchjobs/finalizers"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["tfjobs","tfjobs/status"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["notebooks","notebooks/status"],"verbs":["get","list","watch"]},{"apiGroups":["kubeflow.org"],"resources":["notebooks","notebooks/status"],"verbs":["get","list","watch","create","delete","deletecollection","patch","update"]},{"apiGroups":["authorization.k8s.io"],"resources":["localsubjectaccessreviews"],"verbs":["create"]},{"apiGroups":["rbac.authorization.k8s.io"],"resources":["rolebindings","roles"],"verbs":["create","delete","deletecollection","get","list","patch","update","watch"]}]}
  11.   managedFields:
  12.     - manager: kfctl
  13.       operation: Update
  14.       apiVersion: rbac.authorization.k8s.io/v1
  15.       time: '2021-03-21T07:43:21Z'
  16.       fieldsType: FieldsV1
  17.       fieldsV1:
  18.         'f:aggregationRule':
  19.           .: {}
  20.           'f:clusterRoleSelectors': {}
  21.         'f:metadata':
  22.           'f:annotations': {}
  23.     - manager: kube-controller-manager
  24.       operation: Update
  25.       apiVersion: rbac.authorization.k8s.io/v1
  26.       time: '2021-03-21T07:43:21Z'
  27.       fieldsType: FieldsV1
  28.       fieldsV1:
  29.         'f:rules': {}
  30.     - manager: kubectl-client-side-apply
  31.       operation: Update
  32.       apiVersion: rbac.authorization.k8s.io/v1
  33.       time: '2021-04-11T16:18:50Z'
  34.       fieldsType: FieldsV1
  35.       fieldsV1:
  36.         'f:metadata':
  37.           'f:annotations':
  38.             'f:kubectl.kubernetes.io/last-applied-configuration': {}
  39.   selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/kubeflow-admin
  40. rules:
  41.   - verbs:
  42.      - get
  43.       - list
  44.       - watch
  45.     apiGroups:
  46.      - kubeflow.org
  47.     resources:
  48.      - poddefaults
  49.   - verbs:
  50.      - get
  51.       - list
  52.       - create
  53.       - delete
  54.     apiGroups:
  55.      - kubeflow.org
  56.     resources:
  57.      - notebooks
  58.       - notebooks/finalizers
  59.       - poddefaults
  60.   - verbs:
  61.      - get
  62.       - list
  63.       - watch
  64.       - create
  65.       - delete
  66.       - deletecollection
  67.       - patch
  68.       - update
  69.     apiGroups:
  70.      - istio.io
  71.       - networking.istio.io
  72.     resources:
  73.      - '*'
  74.   - verbs:
  75.      - get
  76.       - list
  77.       - watch
  78.       - create
  79.       - delete
  80.       - deletecollection
  81.       - patch
  82.       - update
  83.     apiGroups:
  84.      - kubeflow.org
  85.     resources:
  86.      - experiments
  87.       - trials
  88.       - suggestions
  89.   - verbs:
  90.      - get
  91.       - list
  92.       - watch
  93.       - create
  94.       - delete
  95.       - deletecollection
  96.       - patch
  97.       - update
  98.     apiGroups:
  99.      - serving.kubeflow.org
  100.     resources:
  101.      - inferenceservices
  102.   - verbs:
  103.      - get
  104.       - list
  105.       - watch
  106.     apiGroups:
  107.      - ''
  108.     resources:
  109.      - pods/attach
  110.       - pods/exec
  111.       - pods/portforward
  112.       - pods/proxy
  113.       - secrets
  114.       - services/proxy
  115.   - verbs:
  116.      - impersonate
  117.     apiGroups:
  118.      - ''
  119.     resources:
  120.      - serviceaccounts
  121.   - verbs:
  122.      - create
  123.       - delete
  124.       - deletecollection
  125.       - patch
  126.       - update
  127.     apiGroups:
  128.      - ''
  129.     resources:
  130.      - pods
  131.       - pods/attach
  132.       - pods/exec
  133.       - pods/portforward
  134.       - pods/proxy
  135.   - verbs:
  136.      - create
  137.       - delete
  138.       - deletecollection
  139.       - patch
  140.       - update
  141.     apiGroups:
  142.      - ''
  143.     resources:
  144.      - configmaps
  145.       - endpoints
  146.       - persistentvolumeclaims
  147.       - replicationcontrollers
  148.       - replicationcontrollers/scale
  149.       - secrets
  150.       - serviceaccounts
  151.       - services
  152.       - services/proxy
  153.   - verbs:
  154.      - create
  155.       - delete
  156.       - deletecollection
  157.       - patch
  158.       - update
  159.     apiGroups:
  160.      - apps
  161.     resources:
  162.      - daemonsets
  163.       - deployments
  164.       - deployments/rollback
  165.       - deployments/scale
  166.       - replicasets
  167.       - replicasets/scale
  168.       - statefulsets
  169.       - statefulsets/scale
  170.   - verbs:
  171.      - create
  172.       - delete
  173.       - deletecollection
  174.       - patch
  175.       - update
  176.     apiGroups:
  177.      - autoscaling
  178.     resources:
  179.      - horizontalpodautoscalers
  180.   - verbs:
  181.      - create
  182.       - delete
  183.       - deletecollection
  184.       - patch
  185.       - update
  186.     apiGroups:
  187.      - batch
  188.     resources:
  189.      - cronjobs
  190.       - jobs
  191.   - verbs:
  192.      - create
  193.       - delete
  194.       - deletecollection
  195.       - patch
  196.       - update
  197.     apiGroups:
  198.      - extensions
  199.     resources:
  200.      - daemonsets
  201.       - deployments
  202.       - deployments/rollback
  203.       - deployments/scale
  204.       - ingresses
  205.       - networkpolicies
  206.       - replicasets
  207.       - replicasets/scale
  208.       - replicationcontrollers/scale
  209.   - verbs:
  210.      - create
  211.       - delete
  212.       - deletecollection
  213.       - patch
  214.       - update
  215.     apiGroups:
  216.      - policy
  217.     resources:
  218.      - poddisruptionbudgets
  219.   - verbs:
  220.      - create
  221.       - delete
  222.       - deletecollection
  223.       - patch
  224.       - update
  225.     apiGroups:
  226.      - networking.k8s.io
  227.     resources:
  228.      - ingresses
  229.       - networkpolicies
  230.   - verbs:
  231.      - get
  232.       - list
  233.       - watch
  234.       - create
  235.       - delete
  236.       - deletecollection
  237.       - patch
  238.       - update
  239.     apiGroups:
  240.      - kubeflow.org
  241.     resources:
  242.      - mpijobs
  243.       - mpijobs/status
  244.   - verbs:
  245.      - get
  246.       - list
  247.       - watch
  248.       - create
  249.       - delete
  250.       - deletecollection
  251.       - patch
  252.       - update
  253.     apiGroups:
  254.      - kubeflow.org
  255.     resources:
  256.      - mxjobs
  257.       - mxjobs/status
  258.   - verbs:
  259.      - get
  260.       - list
  261.       - watch
  262.       - create
  263.       - delete
  264.       - deletecollection
  265.       - patch
  266.       - update
  267.     apiGroups:
  268.      - kubeflow.org
  269.     resources:
  270.      - pytorchjobs
  271.       - pytorchjobs/status
  272.       - pytorchjobs/finalizers
  273.   - verbs:
  274.      - get
  275.       - list
  276.       - watch
  277.       - create
  278.       - delete
  279.       - deletecollection
  280.       - patch
  281.       - update
  282.     apiGroups:
  283.      - kubeflow.org
  284.     resources:
  285.      - tfjobs
  286.       - tfjobs/status
  287.   - verbs:
  288.      - get
  289.       - list
  290.     apiGroups:
  291.      - kubeflow.org
  292.     resources:
  293.      - notebooks
  294.       - notebooks/finalizers
  295.       - poddefaults
  296.   - verbs:
  297.      - get
  298.       - list
  299.       - watch
  300.     apiGroups:
  301.      - storage.k8s.io
  302.     resources:
  303.      - storageclasses
  304.   - verbs:
  305.      - get
  306.       - list
  307.       - watch
  308.     apiGroups:
  309.      - istio.io
  310.       - networking.istio.io
  311.     resources:
  312.      - '*'
  313.   - verbs:
  314.      - get
  315.       - list
  316.       - watch
  317.     apiGroups:
  318.      - kubeflow.org
  319.     resources:
  320.      - experiments
  321.       - trials
  322.       - suggestions
  323.   - verbs:
  324.      - get
  325.       - list
  326.       - watch
  327.     apiGroups:
  328.      - serving.kubeflow.org
  329.     resources:
  330.      - inferenceservices
  331.   - verbs:
  332.      - get
  333.       - list
  334.       - watch
  335.     apiGroups:
  336.      - ''
  337.     resources:
  338.      - configmaps
  339.       - endpoints
  340.       - persistentvolumeclaims
  341.       - persistentvolumeclaims/status
  342.       - pods
  343.       - replicationcontrollers
  344.       - replicationcontrollers/scale
  345.       - serviceaccounts
  346.       - services
  347.       - services/status
  348.   - verbs:
  349.      - get
  350.       - list
  351.       - watch
  352.     apiGroups:
  353.      - ''
  354.     resources:
  355.      - bindings
  356.       - events
  357.       - limitranges
  358.       - namespaces/status
  359.       - pods/log
  360.       - pods/status
  361.       - replicationcontrollers/status
  362.       - resourcequotas
  363.       - resourcequotas/status
  364.   - verbs:
  365.      - get
  366.       - list
  367.       - watch
  368.     apiGroups:
  369.      - ''
  370.     resources:
  371.      - namespaces
  372.   - verbs:
  373.      - get
  374.       - list
  375.       - watch
  376.     apiGroups:
  377.      - apps
  378.     resources:
  379.      - controllerrevisions
  380.       - daemonsets
  381.       - daemonsets/status
  382.       - deployments
  383.       - deployments/scale
  384.       - deployments/status
  385.       - replicasets
  386.       - replicasets/scale
  387.       - replicasets/status
  388.       - statefulsets
  389.       - statefulsets/scale
  390.       - statefulsets/status
  391.   - verbs:
  392.      - get
  393.       - list
  394.       - watch
  395.     apiGroups:
  396.      - autoscaling
  397.     resources:
  398.      - horizontalpodautoscalers
  399.       - horizontalpodautoscalers/status
  400.   - verbs:
  401.      - get
  402.       - list
  403.       - watch
  404.     apiGroups:
  405.      - batch
  406.     resources:
  407.      - cronjobs
  408.       - cronjobs/status
  409.       - jobs
  410.       - jobs/status
  411.   - verbs:
  412.      - get
  413.       - list
  414.       - watch
  415.     apiGroups:
  416.      - extensions
  417.     resources:
  418.      - daemonsets
  419.       - daemonsets/status
  420.       - deployments
  421.       - deployments/scale
  422.       - deployments/status
  423.       - ingresses
  424.       - ingresses/status
  425.       - networkpolicies
  426.       - replicasets
  427.       - replicasets/scale
  428.       - replicasets/status
  429.       - replicationcontrollers/scale
  430.   - verbs:
  431.      - get
  432.       - list
  433.       - watch
  434.     apiGroups:
  435.      - policy
  436.     resources:
  437.      - poddisruptionbudgets
  438.       - poddisruptionbudgets/status
  439.   - verbs:
  440.      - get
  441.       - list
  442.       - watch
  443.     apiGroups:
  444.      - networking.k8s.io
  445.     resources:
  446.      - ingresses
  447.       - ingresses/status
  448.       - networkpolicies
  449.   - verbs:
  450.      - get
  451.       - list
  452.       - watch
  453.     apiGroups:
  454.      - kubeflow.org
  455.     resources:
  456.      - mpijobs
  457.       - mpijobs/status
  458.   - verbs:
  459.      - get
  460.       - list
  461.       - watch
  462.     apiGroups:
  463.      - kubeflow.org
  464.     resources:
  465.      - mxjobs
  466.       - mxjobs/status
  467.   - verbs:
  468.      - get
  469.       - list
  470.       - watch
  471.     apiGroups:
  472.      - kubeflow.org
  473.     resources:
  474.      - pytorchjobs
  475.       - pytorchjobs/status
  476.       - pytorchjobs/finalizers
  477.   - verbs:
  478.      - get
  479.       - list
  480.       - watch
  481.     apiGroups:
  482.      - kubeflow.org
  483.     resources:
  484.      - tfjobs
  485.       - tfjobs/status
  486.   - verbs:
  487.      - get
  488.       - list
  489.       - watch
  490.     apiGroups:
  491.      - kubeflow.org
  492.     resources:
  493.      - notebooks
  494.       - notebooks/status
  495.   - verbs:
  496.      - get
  497.       - list
  498.       - watch
  499.       - create
  500.       - delete
  501.       - deletecollection
  502.       - patch
  503.       - update
  504.     apiGroups:
  505.      - kubeflow.org
  506.     resources:
  507.      - notebooks
  508.       - notebooks/status
  509.   - verbs:
  510.      - create
  511.     apiGroups:
  512.      - authorization.k8s.io
  513.     resources:
  514.      - localsubjectaccessreviews
  515.   - verbs:
  516.      - create
  517.       - delete
  518.       - deletecollection
  519.       - get
  520.       - list
  521.       - patch
  522.       - update
  523.       - watch
  524.     apiGroups:
  525.      - rbac.authorization.k8s.io
  526.     resources:
  527.      - rolebindings
  528.       - roles
  529. aggregationRule:
  530.   clusterRoleSelectors:
  531.     - matchLabels:
  532.         rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: 'true'
  533. ------------------------------------------------------------------
  534. kind: RoleBinding
  535. apiVersion: rbac.authorization.k8s.io/v1
  536. metadata:
  537.   name: eva-role-binding
  538.   namespace: nedeliakovaeva
  539.   uid: 2f4084db-b992-4eae-b4b2-0812992fe5d0
  540.   resourceVersion: '19859999'
  541.   creationTimestamp: '2021-04-11T17:01:22Z'
  542.   managedFields:
  543.     - manager: kubectl-create
  544.       operation: Update
  545.       apiVersion: rbac.authorization.k8s.io/v1
  546.       time: '2021-04-11T17:01:22Z'
  547.       fieldsType: FieldsV1
  548.       fieldsV1:
  549.         'f:roleRef':
  550.           'f:apiGroup': {}
  551.           'f:kind': {}
  552.           'f:name': {}
  553.         'f:subjects': {}
  554.   selfLink: >-
  555.     /apis/rbac.authorization.k8s.io/v1/namespaces/nedeliakovaeva/rolebindings/eva-role-binding
  556. subjects:
  557.   - kind: User
  558.     apiGroup: rbac.authorization.k8s.io
  559.     name: mail@gmail.com
  560. roleRef:
  561.   apiGroup: rbac.authorization.k8s.io
  562.   kind: ClusterRole
  563.   name: cluster-admin
  564.  
RAW Paste Data