mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-04-22 02:17:08 +00:00
34 lines
861 B
YAML
34 lines
861 B
YAML
# This example shows the roles required for a user to be able to use Mizu in a single namespace with IP resolution disabled.
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: mizu-runner-role
|
|
namespace: user1
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "list", "watch", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
verbs: ["get", "create", "delete"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["daemonsets"]
|
|
verbs: ["get", "create", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["services/proxy"]
|
|
verbs: ["get"]
|
|
---
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: mizu-runner-rolebindings
|
|
namespace: user1
|
|
subjects:
|
|
- kind: User
|
|
name: user1
|
|
apiGroup: rbac.authorization.k8s.io
|
|
roleRef:
|
|
kind: Role
|
|
name: mizu-runner-role
|
|
apiGroup: rbac.authorization.k8s.io
|