mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-11 17:31:58 +01:00
68 lines
1.8 KiB
Nix
68 lines
1.8 KiB
Nix
{
|
|
apiVersion = "rbac.authorization.k8s.io/v1";
|
|
kind = "ClusterRole";
|
|
metadata = {
|
|
labels = {
|
|
app = "istio-reader";
|
|
release = "istio-istiod";
|
|
};
|
|
name = "istio-reader-clusterrole-1-20-2-istio-system";
|
|
};
|
|
rules = [
|
|
{
|
|
apiGroups = ["config.istio.io" "security.istio.io" "networking.istio.io" "authentication.istio.io" "rbac.istio.io"];
|
|
resources = ["*"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = [""];
|
|
resources = ["endpoints" "pods" "services" "nodes" "replicationcontrollers" "namespaces" "secrets"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = ["networking.istio.io"];
|
|
resources = ["workloadentries"];
|
|
verbs = ["get" "watch" "list"];
|
|
}
|
|
{
|
|
apiGroups = ["networking.x-k8s.io" "gateway.networking.k8s.io"];
|
|
resources = ["gateways"];
|
|
verbs = ["get" "watch" "list"];
|
|
}
|
|
{
|
|
apiGroups = ["apiextensions.k8s.io"];
|
|
resources = ["customresourcedefinitions"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = ["discovery.k8s.io"];
|
|
resources = ["endpointslices"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = ["multicluster.x-k8s.io"];
|
|
resources = ["serviceexports"];
|
|
verbs = ["get" "list" "watch" "create" "delete"];
|
|
}
|
|
{
|
|
apiGroups = ["multicluster.x-k8s.io"];
|
|
resources = ["serviceimports"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = ["apps"];
|
|
resources = ["replicasets"];
|
|
verbs = ["get" "list" "watch"];
|
|
}
|
|
{
|
|
apiGroups = ["authentication.k8s.io"];
|
|
resources = ["tokenreviews"];
|
|
verbs = ["create"];
|
|
}
|
|
{
|
|
apiGroups = ["authorization.k8s.io"];
|
|
resources = ["subjectaccessreviews"];
|
|
verbs = ["create"];
|
|
}
|
|
];
|
|
}
|