rht
/
ocp-ing-ichp-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596
							apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    openshift.io/description: An ICHP dedicated role for admins.
    openshift.io/reconcile-protect: "true"
  labels:
    app.kubernetes.io/instance: rbac
    app.kubernetes.io/name: ichp-rbac
  name: ichp-project-admin
rules:
- apiGroups:
  - authdelegation.ichp.ing.net
  resources:
  - authdelegations
  verbs:
  - '*'
- apiGroups:
  - cert-manager.io
  resources:
  - certificaterequests
  - certificaterequests/status
  - certificates
  - certificates/status
  - issuers
  - issuers/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - acme.cert-manager.io
  resources:
  - challenges
  - challenges/status
  - orders
  - orders/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - operators.coreos.com
  resources:
  - catalogsources
  - clusterserviceversions
  - installplans
  - subscriptions
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - alertmanagers
  verbs:
  - create
  - delete
  - patch
  - update
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - prometheuses
  verbs:
  - create
  - delete
  - patch
  - update
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - prometheusrules
  verbs:
  - create
  - delete
  - patch
  - update
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - create
  - delete
  - patch
  - update
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - limitranges
  - persistentvolumeclaims
  - pods
  - replicationcontrollers
  - replicationcontrollers/scale
  - secrets
  - serviceaccounts
  - services
  - services/proxy
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - bindings
  - events
  - namespaces/status
  - pods/log
  - pods/status
  - replicationcontrollers/status
  - resourcequotas
  - resourcequotas/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - serviceaccounts
  verbs:
  - impersonate
- apiGroups:
  - apps
  resources:
  - daemonsets
  - deployments
  - deployments/rollback
  - deployments/scale
  - replicasets
  - replicasets/scale
  - statefulsets
  - statefulsets/scale
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets
  - deployments
  - deployments/rollback
  - deployments/scale
  - ingresses
  - networkpolicies
  - replicasets
  - replicasets/scale
  - replicationcontrollers/scale
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - authorization.k8s.io
  resources:
  - localsubjectaccessreviews
  verbs:
  - create
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - bind
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - rolebindings
  - roles
  verbs:
  - bind
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - localresourceaccessreviews
  - localsubjectaccessreviews
  - subjectrulesreviews
  verbs:
  - create
- apiGroups:
  - ""
  - security.openshift.io
  resources:
  - podsecuritypolicyreviews
  - podsecuritypolicyselfsubjectreviews
  - podsecuritypolicysubjectreviews
  verbs:
  - create
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - rolebindingrestrictions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildconfigs
  - buildconfigs/webhooks
  - builds
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - builds/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildconfigs/instantiate
  - buildconfigs/instantiatebinary
  - builds/clone
  verbs:
  - create
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - builds/details
  verbs:
  - update
- apiGroups:
  - build.openshift.io
  resources:
  - jenkins
  verbs:
  - admin
  - edit
  - view
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs
  - deploymentconfigs/scale
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigrollbacks
  - deploymentconfigs/instantiate
  - deploymentconfigs/rollback
  verbs:
  - create
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs/log
  - deploymentconfigs/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreamimages
  - imagestreammappings
  - imagestreams
  - imagestreams/secrets
  - imagestreamtags
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreams/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreams/layers
  verbs:
  - get
  - update
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreamimports
  verbs:
  - create
- apiGroups:
  - ""
  - project.openshift.io
  resources:
  - projects
  verbs:
  - delete
  - get
  - patch
  - update
- apiGroups:
  - ""
  - quota.openshift.io
  resources:
  - appliedclusterresourcequotas
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes/custom-host
  verbs:
  - create
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes/status
  verbs:
  - update
- apiGroups:
  - ""
  - template.openshift.io
  resources:
  - processedtemplates
  - templateconfigs
  - templateinstances
  - templates
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - extensions
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildlogs
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ""
  resources:
  - resourcequotausages
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - resourceaccessreviews
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  verbs:
  - get
  - list
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - ichp.ing.net
  resources:
  - quotaautoscalers
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch