admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b5015ec7b9562d32a6eae5840d8b6a3b21ddfc07
kubesphere/config/ks-core/templates/role-templates.yaml
hongming ecf8bac31d update ks-core helm chart (#5247)
2022-09-27 08:28:22 +08:00

247 lines
6.4 KiB
YAML
Raw Blame History

---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/aggregation-roles: '["role-template-manage-clusters","role-template-view-clusters","role-template-view-roles","role-template-view-workspaces","role-template-manage-workspaces","role-template-manage-users","role-template-view-users","role-template-manage-app-templates","role-template-view-app-templates","role-template-manage-platform-settings"]'
kubesphere.io/creator: admin
name: platform-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
name: anonymous
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRoleBinding
metadata:
name: anonymous
roleRef:
apiGroup: iam.kubesphere.io/v1alpha2
kind: GlobalRole
name: anonymous
subjects:
- apiGroup: iam.kubesphere.io/v1alpha2
kind: Group
name: system:unauthenticated
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/role-template-rules: '{"basic": "view"}'
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-view-basic
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/module: Clusters Management
iam.kubesphere.io/role-template-rules: '{"clusters": "view"}'
kubesphere.io/alias-name: Clusters View
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-view-clusters
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-clusters"]'
iam.kubesphere.io/module: Clusters Management
iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}'
kubesphere.io/alias-name: Clusters Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-clusters
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"workspaces": "view"}'
kubesphere.io/alias-name: Workspaces View
labels:
iam.kubesphere.io/role-template: "true"
kubefed.io/managed: "true"
name: role-template-view-workspaces
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-workspaces"]'
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"workspaces": "manage"}'
kubesphere.io/alias-name: Workspaces Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-workspaces
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"users": "view"}'
kubesphere.io/alias-name: Users View
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-view-users
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-users","role-template-view-roles"]'
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"users": "manage"}'
kubesphere.io/alias-name: Users Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-users
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-users"]'
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"roles": "view"}'
kubesphere.io/alias-name: Roles View
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-view-roles
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-roles"]'
iam.kubesphere.io/module: Access Control
iam.kubesphere.io/role-template-rules: '{"roles": "manage"}'
kubesphere.io/alias-name: Roles Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-roles
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/module: Apps Management
iam.kubesphere.io/role-template-rules: '{"app-templates": "view"}'
kubesphere.io/alias-name: App Templates View
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-view-app-templates
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/dependencies: '["role-template-view-app-templates"]'
iam.kubesphere.io/module: Apps Management
iam.kubesphere.io/role-template-rules: '{"app-templates": "manage"}'
kubesphere.io/alias-name: App Templates Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-app-templates
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/module: Platform Settings
iam.kubesphere.io/role-template-rules: '{"platform-settings": "manage"}'
kubesphere.io/alias-name: Platform Settings Management
labels:
iam.kubesphere.io/role-template: "true"
name: role-template-manage-platform-settings
rules: []
---
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRoleBinding
metadata:
name: admin
roleRef:
apiGroup: iam.kubesphere.io/v1alpha2
kind: GlobalRole
name: platform-admin
subjects:
- apiGroup: iam.kubesphere.io/v1alpha2
kind: User
name: admin
---
apiVersion: tenant.kubesphere.io/v1alpha2
kind: WorkspaceTemplate
metadata:
labels:
kubefed.io/managed: "false"
annotations:
kubesphere.io/creator: admin
kubesphere.io/description: "system-workspace is a built-in workspace automatically created by KubeSphere. It contains all system components to run KubeSphere."
name: system-workspace
spec:
placement:
clusterSelector: {}
template:
spec:
manager: admin
networkIsolation: false
---
apiVersion: tenant.kubesphere.io/v1alpha1
kind: Workspace
metadata:
labels:
kubefed.io/managed: "false"
annotations:
kubesphere.io/creator: admin
name: system-workspace
spec:
manager: admin
networkIsolation: false
Reference in New Issue View Git Blame Copy Permalink