apps/replikate/kustomize/base/rbac.yaml

--- apiVersion: v1 kind: ServiceAccount metadata: name: app --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: app rules: - apiGroups: ["kubeflow.org"] resources: ["profiles", "poddefaults"] verbs: ["create", "get", "list", "update", "patch"] - apiGroups: [""] resources: ["namespaces", "limitranges", "secrets"] verbs: ["create", "get", "update", "patch", "list"] - apiGroups: [""] resources: - secrets - configmaps - configmaps/status - configmaps/logs - events - namespaces - namespaces/status - namespaces/logs verbs: ["*"] - apiGroups: ["networking.istio.io", "rbac.istio.io"] resources: ["gateways", "envoyfilters", "servicerolebindings"] verbs: ["*"] - apiGroups: ["rbac.authorization.k8s.io"] resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"] verbs: ["*"] - apiGroups: - serving.kubeflow.org - serving.kserve.io - serving.knative.dev resources: ["*"] verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: app-default subjects: - kind: ServiceAccount name: app roleRef: kind: ClusterRole name: app apiGroup: rbac.authorization.k8s.io --- # Workaround for error: serviceacccount is attempting # to grant RBAC permissions not currently held apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: app-kserving-edit subjects: - kind: ServiceAccount name: app roleRef: kind: ClusterRole name: kserve-manager-role apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: app-kubeflow-edit subjects: - kind: ServiceAccount name: app roleRef: kind: ClusterRole name: kubeflow-edit apiGroup: rbac.authorization.k8s.io # --- # apiVersion: rbac.authorization.k8s.io/v1 # kind: RoleBinding # metadata: # name: kubeflow-serving-editor # roleRef: # apiGroup: rbac.authorization.k8s.io # kind: ClusterRole # name: kubeflow-kserve-edit # subjects: # - kind: ServiceAccount # name: app # --- # apiVersion: rbac.authorization.k8s.io/v1 # kind: RoleBinding # metadata: # name: kserve-webapp-user # namespace: "{{name}}" # roleRef: # apiGroup: rbac.authorization.k8s.io # kind: ClusterRole # name: kfserving-models-web-app-cluster-role # subjects: # - kind: ServiceAccount # name: app

apps/replikate/kustomize/base/rbac.yaml (76 lines of code) (raw):