kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/namespace-roles.yaml

apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:bootstrap-signer
    namespace: kube-public
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resourceNames:
    - cluster-info
    resources:
    - configmaps
    verbs:
    - update
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: extension-apiserver-authentication-reader
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resourceNames:
    - extension-apiserver-authentication
    resources:
    - configmaps
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system::leader-locking-kube-controller-manager
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - watch
  - apiGroups:
    - ""
    resourceNames:
    - kube-controller-manager
    resources:
    - configmaps
    verbs:
    - get
    - update
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - get
    - list
    - update
    - watch
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leasecandidates
    verbs:
    - create
    - get
    - list
    - update
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system::leader-locking-kube-scheduler
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - watch
  - apiGroups:
    - ""
    resourceNames:
    - kube-scheduler
    resources:
    - configmaps
    verbs:
    - get
    - update
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
    - get
    - list
    - update
    - watch
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leasecandidates
    verbs:
    - create
    - get
    - list
    - update
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:bootstrap-signer
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:cloud-provider
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    verbs:
    - create
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    creationTimestamp: null
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
    name: system:controller:token-cleaner
    namespace: kube-system
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - delete
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - events.k8s.io
    resources:
    - events
    verbs:
    - create
    - patch
    - update
kind: List
metadata: {}