| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| labels: |
| k8s-app: kubernetes-dashboard |
| addonmanager.kubernetes.io/mode: Reconcile |
| name: kubernetes-dashboard-minimal |
| namespace: kube-system |
| rules: |
| # Allow Dashboard to get, update and delete Dashboard exclusive secrets. |
| - apiGroups: [""] |
| resources: ["secrets"] |
| resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] |
| verbs: ["get", "update", "delete"] |
| # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. |
| - apiGroups: [""] |
| resources: ["configmaps"] |
| resourceNames: ["kubernetes-dashboard-settings"] |
| verbs: ["get", "update"] |
| # Allow Dashboard to get metrics from heapster. |
| - apiGroups: [""] |
| resources: ["services"] |
| resourceNames: ["heapster"] |
| verbs: ["proxy"] |
| - apiGroups: [""] |
| resources: ["services/proxy"] |
| resourceNames: ["heapster", "http:heapster:", "https:heapster:"] |
| verbs: ["get"] |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: RoleBinding |
| metadata: |
| name: kubernetes-dashboard-minimal |
| namespace: kube-system |
| labels: |
| k8s-app: kubernetes-dashboard |
| addonmanager.kubernetes.io/mode: Reconcile |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: kubernetes-dashboard-minimal |
| subjects: |
| - kind: ServiceAccount |
| name: kubernetes-dashboard |
| namespace: kube-system |