mirror of https://github.com/k3s-io/k3s
50 lines
1.3 KiB
YAML
50 lines
1.3 KiB
YAML
|
# privilegedPSP gives the privilegedPSP role
|
||
|
|
# to the group privileged.
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
kind: ClusterRoleBinding
|
||
|
|
metadata:
|
||
|
|
name: privileged-psp-users
|
||
|
|
subjects:
|
||
|
|
- kind: Group
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
name: privileged-psp-users
|
||
|
|
roleRef:
|
||
|
|
apiGroup: rbac.authorization.k8s.io
|
||
|
|
kind: ClusterRole
|
||
|
|
name: privileged-psp-user
|
||
|
|
---
|
||
|
|
# restrictedPSP grants the restrictedPSP role to
|
||
|
|
# the groups restricted and privileged.
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
kind: ClusterRoleBinding
|
||
|
|
metadata:
|
||
|
|
name: restricted-psp-users
|
||
|
|
subjects:
|
||
|
|
- kind: Group
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
name: restricted-psp-users
|
||
|
|
- kind: Group
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
name: privileged-psp-users
|
||
|
|
roleRef:
|
||
|
|
apiGroup: rbac.authorization.k8s.io
|
||
|
|
kind: ClusterRole
|
||
|
|
name: restricted-psp-user
|
||
|
|
---
|
||
|
|
# edit grants edit role to system:authenticated.
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
kind: ClusterRoleBinding
|
||
|
|
metadata:
|
||
|
|
name: edit
|
||
|
|
subjects:
|
||
|
|
- kind: Group
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
name: privileged-psp-users
|
||
|
|
- kind: Group
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||
|
|
name: restricted-psp-users
|
||
|
|
roleRef:
|
||
|
|
apiGroup: rbac.authorization.k8s.io
|
||
|
|
kind: ClusterRole
|
||
|
|
name: edit
|