ocp-ing-ichp-materials/playbooks/roles/setup-rbac/files/ichp-project-viewer.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    openshift.io/description: An ICHP dedicated role for viewing only.
    openshift.io/reconcile-protect: "true"
  labels:
    app.kubernetes.io/instance: rbac
    app.kubernetes.io/name: ichp-rbac
  name: ichp-project-viewer
rules:
- apiGroups:
  - authdelegation.ichp.ing.net
  resources:
  - authdelegations
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cert-manager.io
  resources:
  - certificaterequests
  - certificaterequests/status
  - certificates
  - certificates/status
  - issuers
  - issuers/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - acme.cert-manager.io
  resources:
  - challenges
  - challenges/status
  - orders
  - orders/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - k8s.ovn.org
  resources:
  - egressfirewalls
  - egressips
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - operators.coreos.com
  resources:
  - catalogsources
  - clusterserviceversions
  - installplans
  - subscriptions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - persistentvolumeclaims
  - pods
  - replicationcontrollers
  - replicationcontrollers/scale
  - serviceaccounts
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - bindings
  - events
  - limitranges
  - namespaces/status
  - pods/log
  - pods/status
  - replicationcontrollers/status
  - resourcequotas
  - resourcequotas/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - daemonsets
  - deployments
  - deployments/scale
  - replicasets
  - replicasets/scale
  - statefulsets
  - statefulsets/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources:
  - daemonsets
  - deployments
  - deployments/scale
  - ingresses
  - networkpolicies
  - replicasets
  - replicasets/scale
  - replicationcontrollers/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - networkpolicies
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildconfigs
  - buildconfigs/webhooks
  - builds
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - builds/log
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - build.openshift.io
  resources:
  - jenkins
  verbs:
  - view
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs
  - deploymentconfigs/scale
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - apps.openshift.io
  resources:
  - deploymentconfigs/log
  - deploymentconfigs/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreamimages
  - imagestreammappings
  - imagestreams
  - imagestreamtags
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - image.openshift.io
  resources:
  - imagestreams/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - project.openshift.io
  resources:
  - projects
  verbs:
  - get
- apiGroups:
  - ""
  - quota.openshift.io
  resources:
  - appliedclusterresourcequotas
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - route.openshift.io
  resources:
  - routes/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - template.openshift.io
  resources:
  - processedtemplates
  - templateconfigs
  - templateinstances
  - templates
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - build.openshift.io
  resources:
  - buildlogs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - resourcequotausages
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - alertmanagers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - prometheuses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - prometheusrules
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - localresourceaccessreviews
  verbs:
  - create
- apiGroups:
  - ""
  - authorization.openshift.io
  resources:
  - rolebindingrestrictions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  verbs:
  - get
  - list
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ichp.ing.net
  resources:
  - quotaautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - prom-tenancy-access-token
  resources:
  - secrets
  verbs:
  - get
  - list