99 lines
3.8 KiB
YAML
Generated
99 lines
3.8 KiB
YAML
Generated
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: (devel)
|
|
creationTimestamp: null
|
|
name: globalrolebindings.iam.kubesphere.io
|
|
spec:
|
|
group: iam.kubesphere.io
|
|
names:
|
|
categories:
|
|
- iam
|
|
kind: GlobalRoleBinding
|
|
listKind: GlobalRoleBindingList
|
|
plural: globalrolebindings
|
|
singular: globalrolebinding
|
|
scope: Cluster
|
|
versions:
|
|
- name: v1alpha2
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: GlobalRoleBinding is the Schema for the globalrolebindings API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
roleRef:
|
|
description: RoleRef can only reference a GlobalRole. If the RoleRef cannot
|
|
be resolved, the Authorizer must return an error.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup is the group for the resource being referenced
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiGroup
|
|
- kind
|
|
- name
|
|
type: object
|
|
subjects:
|
|
description: Subjects holds references to the objects the role applies
|
|
to.
|
|
items:
|
|
description: Subject contains a reference to the object or user identities
|
|
a role binding applies to. This can either hold a direct API object
|
|
reference, or a value for non-objects such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the referenced subject.
|
|
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
|
|
for User and Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values defined by
|
|
this API group are "User", "Group", and "ServiceAccount". If the
|
|
Authorizer does not recognized the kind value, the Authorizer
|
|
should report an error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If the object
|
|
kind is non-namespace, such as "User" or "Group", and this value
|
|
is not empty the Authorizer should report an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
required:
|
|
- roleRef
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|