mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-30 02:00:19 +00:00
46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
labels:
|
|
k8s-app: kubernetes-dashboard
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
name: kubernetes-dashboard-minimal
|
|
namespace: kube-system
|
|
rules:
|
|
# Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["create"]
|
|
# Allow Dashboard to get, update and delete Dashboard exclusive secrets.
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
|
|
verbs: ["get", "update", "delete"]
|
|
# Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
resourceNames: ["kubernetes-dashboard-settings"]
|
|
verbs: ["get", "update"]
|
|
# Allow Dashboard to get metrics from heapster.
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
resourceNames: ["heapster"]
|
|
verbs: ["proxy"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: kubernetes-dashboard-minimal
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: kubernetes-dashboard
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: kubernetes-dashboard-minimal
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubernetes-dashboard
|
|
namespace: kube-system
|