mirror of https://git.rancher.io/charts
51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
|
name: cis-admin
|
|
namespace: {{ template "cis.namespace" . }}
|
|
rules:
|
|
- apiGroups:
|
|
- cis.cattle.io
|
|
resources:
|
|
- clusterscanbenchmarks
|
|
- clusterscanprofiles
|
|
- clusterscans
|
|
- clusterscanreports
|
|
verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
|
namespace: {{ template "cis.namespace" . }}
|
|
name: cis-edit
|
|
rules:
|
|
- apiGroups:
|
|
- cis.cattle.io
|
|
resources:
|
|
- clusterscanbenchmarks
|
|
- clusterscanprofiles
|
|
- clusterscans
|
|
- clusterscanreports
|
|
verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
|
namespace: {{ template "cis.namespace" . }}
|
|
name: cis-view
|
|
rules:
|
|
- apiGroups:
|
|
- cis.cattle.io
|
|
resources:
|
|
- clusterscanbenchmarks
|
|
- clusterscanprofiles
|
|
- clusterscans
|
|
- clusterscanreports
|
|
verbs: ["get", "watch", "list"] |