rancher-charts/charts/fleet/0.3.100/templates/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fleet-controller
rules:
- apiGroups:
  - gitjob.cattle.io
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups:
  - fleet.cattle.io
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - namespaces
  - serviceaccounts
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  verbs:
  - '*'
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - clusterrolebindings
  - roles
  - rolebindings
  verbs:
  - '*'

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fleet-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fleet-controller
subjects:
- kind: ServiceAccount
  name: fleet-controller
  namespace: {{.Release.Namespace}}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: fleet-controller
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - '*'

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: fleet-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: fleet-controller
subjects:
- kind: ServiceAccount
  name: fleet-controller

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fleet-controller-bootstrap
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: fleet-controller-bootstrap
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: fleet-controller-bootstrap
subjects:
- kind: ServiceAccount
  name: fleet-controller-bootstrap
  namespace: {{.Release.Namespace}}
Generated changes 2020-09-30 23:34:22 +00:00			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: fleet-controller`
			`rules:`
			`- apiGroups:`
			`- gitjob.cattle.io`
			`resources:`
			`- '*'`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- fleet.cattle.io`
			`resources:`
			`- '*'`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- namespaces`
			`- serviceaccounts`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`- configmaps`
			`verbs:`
			`- '*'`
			`- apiGroups:`
			`- rbac.authorization.k8s.io`
			`resources:`
			`- clusterroles`
			`- clusterrolebindings`
			`- roles`
			`- rolebindings`
			`verbs:`
			`- '*'`

			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: fleet-controller`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: fleet-controller`
			`subjects:`
			`- kind: ServiceAccount`
			`name: fleet-controller`
			`namespace: {{.Release.Namespace}}`

			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`name: fleet-controller`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`verbs:`
			`- '*'`

			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: fleet-controller`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: Role`
			`name: fleet-controller`
			`subjects:`
			`- kind: ServiceAccount`
			`name: fleet-controller`

			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: fleet-controller-bootstrap`
			`rules:`
			`- apiGroups:`
			`- '*'`
			`resources:`
			`- '*'`
			`verbs:`
			`- '*'`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: fleet-controller-bootstrap`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: fleet-controller-bootstrap`
			`subjects:`
			`- kind: ServiceAccount`
			`name: fleet-controller-bootstrap`
			`namespace: {{.Release.Namespace}}`