4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
20 namespace: kube-system
22 apiVersion: rbac.authorization.k8s.io/v1
27 # copied from admin role, with some limits
50 - persistentvolumeclaims
51 - replicationcontrollers
52 - replicationcontrollers/scale
75 - replicationcontrollers/status
77 - resourcequotas/status
95 - deployments/rollback
113 - horizontalpodautoscalers
142 - deployments/rollback
148 - replicationcontrollers/scale
161 - poddisruptionbudgets
172 - authorization.k8s.io
174 - localsubjectaccessreviews
178 - rbac.authorization.k8s.io
192 - apiregistration.k8s.io
218 - admissionregistration.k8s.io
220 - mutatingwebhookconfigurations
221 - validatingwebhookconfigurations
233 apiVersion: rbac.authorization.k8s.io/v1
234 kind: ClusterRoleBinding
238 - kind: ServiceAccount
240 namespace: kube-system
244 apiGroup: rbac.authorization.k8s.io
246 apiVersion: rbac.authorization.k8s.io/v1
247 kind: ClusterRoleBinding
249 name: caas:tiller-psp
251 - kind: ServiceAccount
253 namespace: kube-system
257 apiGroup: rbac.authorization.k8s.io