vendor/k8s.io/kubernetes/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml - cloudstack-kubernetes-provider - Git at Google

 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cluster-autoscaler
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
 rules:
   # leader election
   - apiGroups: [""]
     resources: ["endpoints"]
     verbs: ["create"]
   - apiGroups: [""]
     resources: ["endpoints"]
     resourceNames: ["cluster-autoscaler"]
     verbs: ["get", "update", "patch", "delete"]
   # accessing & modifying cluster state (nodes & pods)
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch", "update", "patch"]
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["pods/eviction"]
     verbs: ["create"]
   # read-only access to cluster state
   - apiGroups: [""]
     resources: ["services", "replicationcontrollers", "persistentvolumes", "persistentvolumeclaims"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["apps", "extensions"]
     resources: ["daemonsets", "replicasets"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["apps"]
     resources: ["statefulsets"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["batch"]
     resources: ["jobs"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["storageclasses"]
     verbs: ["get", "list", "watch"]
   # misc access
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["create", "update", "patch"]
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["create"]
   - apiGroups: [""]
     resources: ["configmaps"]
     resourceNames: ["cluster-autoscaler-status"]
     verbs: ["get", "update", "patch", "delete"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: cluster-autoscaler
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
 subjects:
   - kind: User
     name: cluster-autoscaler
     namespace: kube-system
 roleRef:
   kind: ClusterRole
   name: cluster-autoscaler
   apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: cluster-autoscaler
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	rules:
	# leader election
	- apiGroups: [""]
	resources: ["endpoints"]
	verbs: ["create"]
	- apiGroups: [""]
	resources: ["endpoints"]
	resourceNames: ["cluster-autoscaler"]
	verbs: ["get", "update", "patch", "delete"]
	# accessing & modifying cluster state (nodes & pods)
	- apiGroups: [""]
	resources: ["nodes"]
	verbs: ["get", "list", "watch", "update", "patch"]
	- apiGroups: [""]
	resources: ["pods"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["pods/eviction"]
	verbs: ["create"]
	# read-only access to cluster state
	- apiGroups: [""]
	resources: ["services", "replicationcontrollers", "persistentvolumes", "persistentvolumeclaims"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["apps", "extensions"]
	resources: ["daemonsets", "replicasets"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["apps"]
	resources: ["statefulsets"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["batch"]
	resources: ["jobs"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["policy"]
	resources: ["poddisruptionbudgets"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["storageclasses"]
	verbs: ["get", "list", "watch"]
	# misc access
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["create", "update", "patch"]
	- apiGroups: [""]
	resources: ["configmaps"]
	verbs: ["create"]
	- apiGroups: [""]
	resources: ["configmaps"]
	resourceNames: ["cluster-autoscaler-status"]
	verbs: ["get", "update", "patch", "delete"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: cluster-autoscaler
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	subjects:
	- kind: User
	name: cluster-autoscaler
	namespace: kube-system
	roleRef:
	kind: ClusterRole
	name: cluster-autoscaler
	apiGroup: rbac.authorization.k8s.io