andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-charts/charts/rancher-cis-benchmark/3.0.0/templates/rbac.yaml

161 lines
3.0 KiB
YAML
Raw Blame History

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
name: cis-operator-clusterrole
rules:
- apiGroups:
- "cis.cattle.io"
resources:
- "*"
verbs:
- "*"
- apiGroups:
- ""
resources:
- "pods"
- "services"
- "configmaps"
- "nodes"
- "serviceaccounts"
verbs:
- "get"
- "list"
- "create"
- "update"
- "watch"
- "patch"
- apiGroups:
- "batch"
resources:
- "jobs"
verbs:
- "list"
- "create"
- "patch"
- "update"
- "watch"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
name: cis-scan-ns
rules:
- apiGroups:
- "*"
resources:
- "podsecuritypolicies"
verbs:
- "get"
- "list"
- "watch"
- apiGroups:
- ""
resources:
- "namespaces"
- "nodes"
- "pods"
verbs:
- "get"
- "list"
- "watch"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cis-operator-role
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
namespace: {{ template "cis.namespace" . }}
rules:
- apiGroups:
- ""
resources:
- "services"
verbs:
- "watch"
- "list"
- "get"
- "patch"
- apiGroups:
- "batch"
resources:
- "jobs"
verbs:
- "watch"
- "list"
- "get"
- "delete"
- apiGroups:
- ""
resources:
- "configmaps"
- "pods"
- "secrets"
verbs:
- "*"
- apiGroups:
- "apps"
resources:
- "daemonsets"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
name: cis-operator-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cis-operator-clusterrole
subjects:
- kind: ServiceAccount
name: cis-operator-serviceaccount
namespace: {{ template "cis.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cis-scan-ns
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cis-scan-ns
subjects:
- kind: ServiceAccount
name: cis-serviceaccount
namespace: {{ template "cis.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: rancher-cis-benchmark
app.kubernetes.io/instance: release-name
name: cis-operator-rolebinding
namespace: {{ template "cis.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cis-operator-role
subjects:
- kind: ServiceAccount
name: cis-serviceaccount
namespace: {{ template "cis.namespace" . }}
- kind: ServiceAccount
name: cis-operator-serviceaccount
namespace: {{ template "cis.namespace" . }}
Reference in New Issue View Git Blame Copy Permalink