--- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/aggregation-roles: '["role-template-manage-clusters","role-template-view-clusters","role-template-view-roles","role-template-view-workspaces","role-template-manage-workspaces","role-template-manage-users","role-template-view-users","role-template-manage-app-templates","role-template-view-app-templates","role-template-manage-platform-settings"]' kubesphere.io/creator: admin name: platform-admin rules: - apiGroups: - '*' resources: - '*' verbs: - '*' - nonResourceURLs: - '*' verbs: - '*' --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: name: anonymous rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRoleBinding metadata: name: anonymous roleRef: apiGroup: iam.kubesphere.io/v1alpha2 kind: GlobalRole name: anonymous subjects: - apiGroup: iam.kubesphere.io/v1alpha2 kind: Group name: system:unauthenticated --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/role-template-rules: '{"basic": "view"}' labels: iam.kubesphere.io/role-template: "true" name: role-template-view-basic rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/module: Clusters Management iam.kubesphere.io/role-template-rules: '{"clusters": "view"}' kubesphere.io/alias-name: Clusters View labels: iam.kubesphere.io/role-template: "true" name: role-template-view-clusters rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-clusters"]' iam.kubesphere.io/module: Clusters Management iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}' kubesphere.io/alias-name: Clusters Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-clusters rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"workspaces": "view"}' kubesphere.io/alias-name: Workspaces View labels: iam.kubesphere.io/role-template: "true" kubefed.io/managed: "true" name: role-template-view-workspaces rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-workspaces"]' iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"workspaces": "manage"}' kubesphere.io/alias-name: Workspaces Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-workspaces rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"users": "view"}' kubesphere.io/alias-name: Users View labels: iam.kubesphere.io/role-template: "true" name: role-template-view-users rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-users","role-template-view-roles"]' iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"users": "manage"}' kubesphere.io/alias-name: Users Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-users rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-users"]' iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"roles": "view"}' kubesphere.io/alias-name: Roles View labels: iam.kubesphere.io/role-template: "true" name: role-template-view-roles rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-roles"]' iam.kubesphere.io/module: Access Control iam.kubesphere.io/role-template-rules: '{"roles": "manage"}' kubesphere.io/alias-name: Roles Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-roles rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/module: Apps Management iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}' kubesphere.io/alias-name: App Templates View labels: iam.kubesphere.io/role-template: "true" name: role-template-view-app-templates rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/dependencies: '["role-template-view-app-templates"]' iam.kubesphere.io/module: Apps Management iam.kubesphere.io/role-template-rules: '{"app-templates": "manage"}' kubesphere.io/alias-name: App Templates Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-app-templates rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRole metadata: annotations: iam.kubesphere.io/module: Platform Settings iam.kubesphere.io/role-template-rules: '{"platform-settings": "manage"}' kubesphere.io/alias-name: Platform Settings Management labels: iam.kubesphere.io/role-template: "true" name: role-template-manage-platform-settings rules: [] --- apiVersion: iam.kubesphere.io/v1alpha2 kind: GlobalRoleBinding metadata: name: admin roleRef: apiGroup: iam.kubesphere.io/v1alpha2 kind: GlobalRole name: platform-admin subjects: - apiGroup: iam.kubesphere.io/v1alpha2 kind: User name: admin --- apiVersion: tenant.kubesphere.io/v1alpha2 kind: WorkspaceTemplate metadata: labels: kubefed.io/managed: "false" annotations: kubesphere.io/creator: admin kubesphere.io/description: "system-workspace is a built-in workspace automatically created by KubeSphere. It contains all system components to run KubeSphere." name: system-workspace spec: placement: clusterSelector: {} template: spec: manager: admin networkIsolation: false --- apiVersion: tenant.kubesphere.io/v1alpha1 kind: Workspace metadata: labels: kubefed.io/managed: "false" annotations: kubesphere.io/creator: admin name: system-workspace spec: manager: admin networkIsolation: false