From c29421182ee80e8854aedb9b77d3440a5add97e0 Mon Sep 17 00:00:00 2001 From: Doruk Ozturk Date: Mon, 11 Sep 2023 21:31:21 -0400 Subject: [PATCH] fix: Fix security context container bug --- hardeneks/namespace_based/security/iam.py | 14 +- .../bad.yaml | 16 + .../cluster_role_bindings_api_response.json | 1903 ++++ .../cluster/cluster_roles_api_response.json | 7693 +++++++++++++++++ .../cluster/daemon_sets_api_response.json | 8 + .../cluster/deployments_api_response.json | 8 + ...orizontal_pod_autoscaler_api_response.json | 8 + .../cluster/namespaces_api_response.json | 135 + .../network_policies_api_response.json | 8 + .../persistent_volumes_api_response.json | 8 + .../cluster/pods_api_response.json | 364 + .../cluster/resource_quotas_api_response.json | 8 + .../cluster/role_bindings_api_response.json | 8 + .../cluster/roles_api_response.json | 8 + .../cluster/services_api_response.json | 8 + .../cluster/stateful_sets_api_response.json | 8 + .../cluster/storage_classes_api_response.json | 30 + .../good.yaml | 13 + tests/test_security_iam.py | 14 + 19 files changed, 10260 insertions(+), 2 deletions(-) create mode 100644 tests/data/disable_run_as_root_user_container/bad.yaml create mode 100644 tests/data/disable_run_as_root_user_container/cluster/cluster_role_bindings_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/cluster_roles_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/daemon_sets_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/deployments_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/horizontal_pod_autoscaler_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/namespaces_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/network_policies_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/persistent_volumes_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/pods_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/resource_quotas_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/role_bindings_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/roles_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/services_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/stateful_sets_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/cluster/storage_classes_api_response.json create mode 100644 tests/data/disable_run_as_root_user_container/good.yaml diff --git a/hardeneks/namespace_based/security/iam.py b/hardeneks/namespace_based/security/iam.py index 45b5c3c..de4dc90 100644 --- a/hardeneks/namespace_based/security/iam.py +++ b/hardeneks/namespace_based/security/iam.py @@ -73,21 +73,31 @@ class disable_run_as_root_user(Rule): def check(self, namespaced_resources: NamespacedResources): + import pudb; pudb.set_trace() offenders = [] for pod in namespaced_resources.pods: security_context = pod.spec.security_context + containers = pod.spec.containers + if ( not security_context.run_as_group and not security_context.run_as_user ): - offenders.append(pod) - + for con in containers: + security_context = con.security_context + try: + run_as_group = security_context.run_as_group + run_as_user = security_context.run_as_user + except AttributeError: + offenders.append(pod) + self.result = Result( status=True, resource_type="Pod", namespace=namespaced_resources.namespace, ) + if offenders: self.result = Result( status=False, diff --git a/tests/data/disable_run_as_root_user_container/bad.yaml b/tests/data/disable_run_as_root_user_container/bad.yaml new file mode 100644 index 0000000..b30da75 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/bad.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + namespace: test-namespace + name: bad +spec: + containers: + - name: sec-ctx-demo + image: busybox + command: [ "sh", "-c", "sleep 1h" ] + securityContext: + runAsUser: 1000 + runAsGroup: 3000 + - name: sec-ctx-demo-2 + image: busybox + command: [ "sh", "-c", "sleep 1h" ] \ No newline at end of file diff --git a/tests/data/disable_run_as_root_user_container/cluster/cluster_role_bindings_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/cluster_role_bindings_api_response.json new file mode 100644 index 0000000..3df131e --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/cluster_role_bindings_api_response.json @@ -0,0 +1,1903 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/instance\":\"aws-vpc-cni\",\"app.kubernetes.io/name\":\"aws-node\",\"app.kubernetes.io/version\":\"v1.12.6\",\"k8s-app\":\"aws-node\"},\"name\":\"aws-node\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"aws-node\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"aws-node\",\"namespace\":\"kube-system\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "app.kubernetes.io/instance": "aws-vpc-cni", + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "aws-node", + "app.kubernetes.io/version": "v1.14.1", + "helm.sh/chart": "aws-vpc-cni-1.14.1", + "k8s-app": "aws-node" + }, + "name": "aws-node", + "resourceVersion": "1527", + "uid": "c67e4d8c-ba47-4ff8-b8a3-82668e457b73" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "aws-node" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "aws-node", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "cluster-admin", + "resourceVersion": "132", + "uid": "ade24be7-3f07-4a8e-a0bd-cce12158ee75" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "cluster-admin" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:masters" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:addon-cluster-admin\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"cluster-admin\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:addon-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:addon-cluster-admin", + "resourceVersion": "289", + "uid": "c01c3d8e-95d6-4254-8d6f-00cc2151c117" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "cluster-admin" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:addon-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:addon-manager\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:addon-manager\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:addon-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:addon-manager", + "resourceVersion": "288", + "uid": "99583044-c4b4-4118-ad06-c139ff30f268" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:addon-manager" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:addon-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:az-poller\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:az-poller\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:az-poller\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:az-poller", + "resourceVersion": "211", + "uid": "fa641bb8-a8e1-480d-a07b-b8fe41c23513" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:az-poller" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:az-poller" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:certificate-controller\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"system:controller:certificate-controller\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:certificate-controller\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:certificate-controller", + "resourceVersion": "216", + "uid": "d595dd4e-cb58-4ae1-a4f2-f679c90954e6" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:certificate-controller" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:certificate-controller" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:certificate-controller-approver\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:certificate-controller-approver\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:certificate-controller\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:certificate-controller-approver", + "resourceVersion": "218", + "uid": "f2cb295d-2129-4c7a-a42a-d73675519896" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:certificate-controller-approver" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:certificate-controller" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:certificate-controller-signer\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:certificate-controller-signer\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:certificate-controller\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:certificate-controller-signer", + "resourceVersion": "219", + "uid": "8eb09f13-efe5-4b8e-bc1e-9a1f6770dfd0" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:certificate-controller-signer" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:certificate-controller" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloud-controller-manager\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:cloud-controller-manager\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:cloud-controller-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cloud-controller-manager", + "resourceVersion": "200", + "uid": "ee7f371e-221c-4b66-85d5-4152b8ee604d" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:cloud-controller-manager" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:cloud-controller-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloud-provider-extraction-migration\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:cloud-provider-extraction-migration\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"system:kube-controller-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:14Z", + "name": "eks:cloud-provider-extraction-migration", + "resourceVersion": "238", + "uid": "44532715-3c3b-4d88-8af0-e8bd6babcede" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:cloud-provider-extraction-migration" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "system:kube-controller-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloudwatch-agent-role-binding\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:cloudwatch-agent-role\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:cloudwatch-agent\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cloudwatch-agent-role-binding", + "resourceVersion": "203", + "uid": "66f7e24a-c0e9-4ffd-bce3-50cba1fc91ef" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:cloudwatch-agent-role" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:cloudwatch-agent" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cluster-event-watcher\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:cluster-event-watcher\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:cluster-event-watcher\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cluster-event-watcher", + "resourceVersion": "223", + "uid": "24270f17-48cd-46d1-97c7-370fd4a36e4a" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:cluster-event-watcher" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:cluster-event-watcher" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:fargate-manager\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:fargate-manager\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:fargate-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:fargate-manager", + "resourceVersion": "308", + "uid": "7808186a-8888-4354-b708-140f1b4fae0e" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:fargate-manager" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:fargate-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:fargate-scheduler\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:fargate-scheduler\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:fargate-scheduler\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:fargate-scheduler", + "resourceVersion": "225", + "uid": "61afe555-fef8-47e0-8993-064896056430" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:fargate-scheduler" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:fargate-scheduler" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:k8s-metrics\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:k8s-metrics\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:k8s-metrics\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:k8s-metrics", + "resourceVersion": "229", + "uid": "8abcbd11-bada-4d9b-afa9-1ea74d1def40" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:k8s-metrics" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:k8s-metrics" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"labels\":{\"eks.amazonaws.com/component\":\"kube-proxy\",\"k8s-app\":\"kube-proxy\"},\"name\":\"eks:kube-proxy\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"system:node-proxier\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"kube-proxy\",\"namespace\":\"kube-system\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "kube-proxy", + "k8s-app": "kube-proxy" + }, + "name": "eks:kube-proxy", + "resourceVersion": "315", + "uid": "0119e2d5-8ff9-4410-be3a-e4b6d2919d55" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:node-proxier" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kube-proxy", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:kube-proxy-fargate\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"system:node-proxier\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"Group\",\"name\":\"system:node-proxier\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:kube-proxy-fargate", + "resourceVersion": "307", + "uid": "6a97caef-2c6e-4601-806c-987d4e353bb6" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:node-proxier" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:node-proxier" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"labels\":{\"eks.amazonaws.com/component\":\"kube-proxy\",\"k8s-app\":\"kube-proxy\"},\"name\":\"eks:kube-proxy-windows\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"system:node-proxier\"},\"subjects\":[{\"kind\":\"Group\",\"name\":\"eks:kube-proxy-windows\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "kube-proxy", + "k8s-app": "kube-proxy" + }, + "name": "eks:kube-proxy-windows", + "resourceVersion": "304", + "uid": "95f6184f-4c15-403f-87ad-14aca75814c5" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:node-proxier" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "eks:kube-proxy-windows" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/component\":\"rbac\",\"app.kubernetes.io/created-by\":\"amazon-network-policy-controller-k8s\",\"app.kubernetes.io/instance\":\"manager-rolebinding\",\"app.kubernetes.io/name\":\"amazon-network-policy-controller-k8s\",\"app.kubernetes.io/part-of\":\"amazon-network-policy-controller-k8s\"},\"name\":\"eks:network-policy-controller\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:network-policy-controller\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:network-policy-controller\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:25Z", + "labels": { + "app.kubernetes.io/component": "rbac", + "app.kubernetes.io/created-by": "amazon-network-policy-controller-k8s", + "app.kubernetes.io/instance": "manager-rolebinding", + "app.kubernetes.io/name": "amazon-network-policy-controller-k8s", + "app.kubernetes.io/part-of": "amazon-network-policy-controller-k8s" + }, + "name": "eks:network-policy-controller", + "resourceVersion": "393", + "uid": "a84d5ecb-4781-4d41-8586-7f88da2147f1" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:network-policy-controller" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:network-policy-controller" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"labels\":{\"eks.amazonaws.com/component\":\"node\"},\"name\":\"eks:node-bootstrapper\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:node-bootstrapper\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"Group\",\"name\":\"system:bootstrappers\"},{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"Group\",\"name\":\"system:nodes\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "node" + }, + "name": "eks:node-bootstrapper", + "resourceVersion": "317", + "uid": "473ef22e-f1b6-4f51-a98c-ecac79da4981" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:node-bootstrapper" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:bootstrappers" + }, + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:nodes" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:node-manager\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:node-manager\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:node-manager\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:node-manager", + "resourceVersion": "285", + "uid": "9f508a66-6092-4e0c-bcd7-f8a3e9eb68c8" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:node-manager" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:node-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:nodewatcher\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:nodewatcher\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:nodewatcher\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:nodewatcher", + "resourceVersion": "231", + "uid": "26c4902d-d4e1-40fb-ae00-1be4eb5085f0" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:nodewatcher" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:nodewatcher" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:pod-identity-mutating-webhook\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:pod-identity-mutating-webhook\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:pod-identity-mutating-webhook\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:pod-identity-mutating-webhook", + "resourceVersion": "233", + "uid": "6122cd4d-ccd0-4874-9e6f-2b2a995d4466" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:pod-identity-mutating-webhook" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:pod-identity-mutating-webhook" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:service-operations\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:service-operations\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"Group\",\"name\":\"eks:service-operations\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:service-operations", + "resourceVersion": "235", + "uid": "9b27d071-cd09-48e8-a0e2-37312c5355d2" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:service-operations" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "eks:service-operations" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"eks:tagging-controller\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"eks:tagging-controller\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"tagging-controller\",\"namespace\":\"kube-system\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:14Z", + "name": "eks:tagging-controller", + "resourceVersion": "241", + "uid": "908061f7-09b5-44bf-942e-bf91acf0f5e7" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "eks:tagging-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "tagging-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:basic-user", + "resourceVersion": "135", + "uid": "367166fd-fa1e-4759-b439-7715b3ec3efa" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:basic-user" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:authenticated" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:attachdetach-controller", + "resourceVersion": "144", + "uid": "fa5a6f04-9e0d-443b-bdc0-334a478494af" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:attachdetach-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "attachdetach-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:certificate-controller", + "resourceVersion": "170", + "uid": "ea2e0008-1efe-4920-a316-0d22902daf76" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:certificate-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "certificate-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:clusterrole-aggregation-controller", + "resourceVersion": "145", + "uid": "f100e439-4c2f-4c5a-a6f9-dd27b3c917ec" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:clusterrole-aggregation-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "clusterrole-aggregation-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:cronjob-controller", + "resourceVersion": "146", + "uid": "b8c23011-7ba1-4061-8841-327fc82066e2" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:cronjob-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "cronjob-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:daemon-set-controller", + "resourceVersion": "147", + "uid": "a0d300a6-2d4f-4707-8828-040d856e4d04" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:daemon-set-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "daemon-set-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:deployment-controller", + "resourceVersion": "148", + "uid": "7ded11f3-9dbd-4f8e-8e2d-dde8e6c51c4e" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:deployment-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "deployment-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:disruption-controller", + "resourceVersion": "149", + "uid": "6db672e1-0bb5-45d8-9b51-64055de7ff42" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:disruption-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "disruption-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpoint-controller", + "resourceVersion": "150", + "uid": "7114484d-850c-414b-ac31-c74c19aac3b0" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:endpoint-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "endpoint-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpointslice-controller", + "resourceVersion": "151", + "uid": "eb0ad073-bf79-49ed-af2e-63317c0c34fc" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:endpointslice-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "endpointslice-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpointslicemirroring-controller", + "resourceVersion": "152", + "uid": "7dd99b41-918b-46f3-9fe3-34e4a5feca24" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:endpointslicemirroring-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "endpointslicemirroring-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ephemeral-volume-controller", + "resourceVersion": "154", + "uid": "c99db44a-9dfe-477e-9ef4-307bb23778d6" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:ephemeral-volume-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "ephemeral-volume-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:expand-controller", + "resourceVersion": "153", + "uid": "73ca9414-f97e-4969-9a18-1ce533a26fe9" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:expand-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "expand-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:generic-garbage-collector", + "resourceVersion": "155", + "uid": "90a9af91-4f46-499c-9cd2-09fd4df66329" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:generic-garbage-collector" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "generic-garbage-collector", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:horizontal-pod-autoscaler", + "resourceVersion": "156", + "uid": "26440b32-a0a1-45ab-b4e1-2ccd51835d3a" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:horizontal-pod-autoscaler" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "horizontal-pod-autoscaler", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:job-controller", + "resourceVersion": "157", + "uid": "bc2df578-f891-47e7-9f50-61dd82e4f203" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:job-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "job-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:namespace-controller", + "resourceVersion": "158", + "uid": "06ef1db8-6e65-47fc-ac14-c553b962e34c" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:namespace-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "namespace-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:node-controller", + "resourceVersion": "159", + "uid": "cfebad81-421b-439d-b2a3-6842862cd905" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:node-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "node-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:persistent-volume-binder", + "resourceVersion": "160", + "uid": "994fb5eb-3f5a-4066-9bb7-095ce312caaa" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:persistent-volume-binder" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "persistent-volume-binder", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pod-garbage-collector", + "resourceVersion": "161", + "uid": "d2cc1d71-b015-4207-bd39-500c2b6a34f4" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:pod-garbage-collector" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "pod-garbage-collector", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pv-protection-controller", + "resourceVersion": "172", + "uid": "e15d96e5-b2a8-4de3-9687-332347c132b4" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:pv-protection-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "pv-protection-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pvc-protection-controller", + "resourceVersion": "171", + "uid": "a3665f9b-c2bc-48e0-83d5-b8a6ffa8c229" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:pvc-protection-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "pvc-protection-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:replicaset-controller", + "resourceVersion": "162", + "uid": "f0654c9f-cc3c-4ee9-ae9a-9d71fc464b4f" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:replicaset-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "replicaset-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:replication-controller", + "resourceVersion": "163", + "uid": "7ea6dfa5-7d2b-43ae-b74a-f28b3adc9dc1" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:replication-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "replication-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:resourcequota-controller", + "resourceVersion": "164", + "uid": "16d76295-00c3-4b98-be87-2bf2d6bd98d0" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:resourcequota-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "resourcequota-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:root-ca-cert-publisher", + "resourceVersion": "174", + "uid": "6f6996cf-a44b-4a09-aa9d-a5ad11617080" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:root-ca-cert-publisher" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "root-ca-cert-publisher", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:route-controller", + "resourceVersion": "165", + "uid": "533d00cd-5e90-4138-8169-e0a21abb5797" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:route-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "route-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:service-account-controller", + "resourceVersion": "166", + "uid": "bdbbd6e1-6081-4ad5-8968-c716c9721169" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:service-account-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "service-account-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:service-controller", + "resourceVersion": "167", + "uid": "4c54806b-739c-4fb3-b16e-f6a48d644952" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:service-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "service-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:statefulset-controller", + "resourceVersion": "168", + "uid": "5e4f0e4b-ee65-48f1-8992-baf1ba663797" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:statefulset-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "statefulset-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ttl-after-finished-controller", + "resourceVersion": "173", + "uid": "68fe60de-ffa4-4952-b112-aec41fd5ff3f" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:ttl-after-finished-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "ttl-after-finished-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ttl-controller", + "resourceVersion": "169", + "uid": "1da2bceb-8ac9-4a58-9dcc-4694a19990d7" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:controller:ttl-controller" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "ttl-controller", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{\"rbac.authorization.kubernetes.io/autoupdate\":\"true\"},\"labels\":{\"eks.amazonaws.com/component\":\"coredns\",\"k8s-app\":\"kube-dns\",\"kubernetes.io/bootstrapping\":\"rbac-defaults\"},\"name\":\"system:coredns\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"system:coredns\"},\"subjects\":[{\"kind\":\"ServiceAccount\",\"name\":\"coredns\",\"namespace\":\"kube-system\"}]}\n", + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "coredns", + "k8s-app": "kube-dns", + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:coredns", + "resourceVersion": "295", + "uid": "f2825cdb-d205-497d-acec-2b9ed6aeff5e" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:coredns" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "coredns", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:discovery", + "resourceVersion": "134", + "uid": "5f860329-ada7-4d00-a2d1-e56dba04cc0f" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:discovery" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:authenticated" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-controller-manager", + "resourceVersion": "138", + "uid": "e09689bd-970e-4922-a697-1c08641153a6" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:kube-controller-manager" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "system:kube-controller-manager" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-dns", + "resourceVersion": "139", + "uid": "cfc5fa6a-4926-4666-b26c-b9da61dc2796" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:kube-dns" + }, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "kube-dns", + "namespace": "kube-system" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-scheduler", + "resourceVersion": "140", + "uid": "ac7a4462-2ec9-47f3-9c94-f1bc1dbd7bc6" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:kube-scheduler" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "system:kube-scheduler" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:monitoring", + "resourceVersion": "133", + "uid": "563ae462-a3d9-46c1-a5cc-3115e3d2b7e5" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:monitoring" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:monitoring" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node", + "resourceVersion": "142", + "uid": "41d72f64-7581-4712-89ee-d56c2362f500" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:node" + } + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node-proxier", + "resourceVersion": "137", + "uid": "b7f184f2-8d04-4b8e-8ce6-35ab777bf49a" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:node-proxier" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "system:kube-proxy" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:public-info-viewer", + "resourceVersion": "136", + "uid": "04049dc3-5b67-4aa7-b369-67a5a3ba684e" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:public-info-viewer" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:authenticated" + }, + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:unauthenticated" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:service-account-issuer-discovery", + "resourceVersion": "143", + "uid": "e08c329e-e10a-486e-b2fd-93dabc0c1f8b" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:service-account-issuer-discovery" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "Group", + "name": "system:serviceaccounts" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:volume-scheduler", + "resourceVersion": "141", + "uid": "64ef65bc-1d8c-4a46-9ff0-db27848295b8" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "system:volume-scheduler" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "system:kube-scheduler" + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRoleBinding", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRoleBinding\",\"metadata\":{\"annotations\":{},\"name\":\"vpc-resource-controller-rolebinding\"},\"roleRef\":{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"ClusterRole\",\"name\":\"vpc-resource-controller-role\"},\"subjects\":[{\"apiGroup\":\"rbac.authorization.k8s.io\",\"kind\":\"User\",\"name\":\"eks:vpc-resource-controller\"},{\"kind\":\"ServiceAccount\",\"name\":\"eks-vpc-resource-controller\",\"namespace\":\"kube-system\"}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:24Z", + "name": "vpc-resource-controller-rolebinding", + "resourceVersion": "379", + "uid": "9f2eb6e6-bca2-4f58-880a-0a6680cf5a24" + }, + "roleRef": { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "ClusterRole", + "name": "vpc-resource-controller-role" + }, + "subjects": [ + { + "apiGroup": "rbac.authorization.k8s.io", + "kind": "User", + "name": "eks:vpc-resource-controller" + }, + { + "kind": "ServiceAccount", + "name": "eks-vpc-resource-controller", + "namespace": "kube-system" + } + ] + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/cluster_roles_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/cluster_roles_api_response.json new file mode 100644 index 0000000..9f46869 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/cluster_roles_api_response.json @@ -0,0 +1,7693 @@ +{ + "apiVersion": "v1", + "items": [ + { + "aggregationRule": { + "clusterRoleSelectors": [ + { + "matchLabels": { + "rbac.authorization.k8s.io/aggregate-to-admin": "true" + } + } + ] + }, + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "admin", + "resourceVersion": "342", + "uid": "857fb82b-a29a-41e5-b16b-394bbd2d5ee3" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy", + "secrets", + "services/proxy" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "impersonate" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "events", + "persistentvolumeclaims", + "replicationcontrollers", + "replicationcontrollers/scale", + "secrets", + "serviceaccounts", + "services", + "services/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "replicasets", + "replicasets/scale", + "statefulsets", + "statefulsets/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "jobs" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "ingresses", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicationcontrollers/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "networkpolicies" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "persistentvolumeclaims", + "persistentvolumeclaims/status", + "pods", + "replicationcontrollers", + "replicationcontrollers/scale", + "serviceaccounts", + "services", + "services/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "bindings", + "events", + "limitranges", + "namespaces/status", + "pods/log", + "pods/status", + "replicationcontrollers/status", + "resourcequotas", + "resourcequotas/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions", + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "replicasets", + "replicasets/scale", + "replicasets/status", + "statefulsets", + "statefulsets/scale", + "statefulsets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers", + "horizontalpodautoscalers/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "cronjobs/status", + "jobs", + "jobs/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "ingresses", + "ingresses/status", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicasets/status", + "replicationcontrollers/scale" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets", + "poddisruptionbudgets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "ingresses/status", + "networkpolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "localsubjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resources": [ + "rolebindings", + "roles" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/instance\":\"aws-vpc-cni\",\"app.kubernetes.io/name\":\"aws-node\",\"app.kubernetes.io/version\":\"v1.12.6\",\"k8s-app\":\"aws-node\"},\"name\":\"aws-node\"},\"rules\":[{\"apiGroups\":[\"crd.k8s.amazonaws.com\"],\"resources\":[\"eniconfigs\"],\"verbs\":[\"list\",\"watch\",\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"namespaces\"],\"verbs\":[\"list\",\"watch\",\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods\"],\"verbs\":[\"list\",\"watch\",\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"list\",\"watch\",\"get\",\"update\"]},{\"apiGroups\":[\"extensions\"],\"resources\":[\"*\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"\",\"events.k8s.io\"],\"resources\":[\"events\"],\"verbs\":[\"create\",\"patch\",\"list\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "app.kubernetes.io/instance": "aws-vpc-cni", + "app.kubernetes.io/managed-by": "Helm", + "app.kubernetes.io/name": "aws-node", + "app.kubernetes.io/version": "v1.14.1", + "helm.sh/chart": "aws-vpc-cni-1.14.1", + "k8s-app": "aws-node" + }, + "name": "aws-node", + "resourceVersion": "1523", + "uid": "a6b45658-fac6-452a-b5f0-e8a7d55d416e" + }, + "rules": [ + { + "apiGroups": [ + "crd.k8s.amazonaws.com" + ], + "resources": [ + "eniconfigs" + ], + "verbs": [ + "list", + "watch", + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "list", + "watch", + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "list", + "watch", + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "list", + "watch", + "get", + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "list" + ] + }, + { + "apiGroups": [ + "networking.k8s.aws" + ], + "resources": [ + "policyendpoints" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.aws" + ], + "resources": [ + "policyendpoints/status" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "cluster-admin", + "resourceVersion": "70", + "uid": "3848ba9d-babf-40f9-8b20-4a9b9970627c" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "*" + ] + }, + { + "nonResourceURLs": [ + "*" + ], + "verbs": [ + "*" + ] + } + ] + }, + { + "aggregationRule": { + "clusterRoleSelectors": [ + { + "matchLabels": { + "rbac.authorization.k8s.io/aggregate-to-edit": "true" + } + } + ] + }, + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults", + "rbac.authorization.k8s.io/aggregate-to-admin": "true" + }, + "name": "edit", + "resourceVersion": "340", + "uid": "684d79c4-adb6-4761-99fb-afca46bfd3ba" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy", + "secrets", + "services/proxy" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "impersonate" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "events", + "persistentvolumeclaims", + "replicationcontrollers", + "replicationcontrollers/scale", + "secrets", + "serviceaccounts", + "services", + "services/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "replicasets", + "replicasets/scale", + "statefulsets", + "statefulsets/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "jobs" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "ingresses", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicationcontrollers/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "networkpolicies" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "persistentvolumeclaims", + "persistentvolumeclaims/status", + "pods", + "replicationcontrollers", + "replicationcontrollers/scale", + "serviceaccounts", + "services", + "services/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "bindings", + "events", + "limitranges", + "namespaces/status", + "pods/log", + "pods/status", + "replicationcontrollers/status", + "resourcequotas", + "resourcequotas/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions", + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "replicasets", + "replicasets/scale", + "replicasets/status", + "statefulsets", + "statefulsets/scale", + "statefulsets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers", + "horizontalpodautoscalers/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "cronjobs/status", + "jobs", + "jobs/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "ingresses", + "ingresses/status", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicasets/status", + "replicationcontrollers/scale" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets", + "poddisruptionbudgets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "ingresses/status", + "networkpolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:addon-manager\"},\"rules\":[{\"apiGroups\":[\"crd.k8s.amazonaws.com\"],\"resources\":[\"eniconfigs\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods\",\"namespaces\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"list\",\"update\",\"watch\"]},{\"apiGroups\":[\"extensions\"],\"resources\":[\"*\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resourceNames\":[\"aws-node\",\"system:coredns\",\"eks:kube-proxy\",\"ebs-csi-provisioner-binding\",\"ebs-csi-node-binding\",\"ebs-csi-attacher-binding\",\"ebs-csi-snapshotter-binding\",\"ebs-csi-resizer-binding\",\"ebs-csi-node-getter-binding\"],\"resources\":[\"clusterrolebindings\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resourceNames\":[\"aws-node\",\"system:coredns\",\"ebs-external-attacher-role\",\"ebs-csi-node-role\",\"ebs-external-provisioner-role\",\"ebs-external-snapshotter-role\",\"ebs-external-resizer-role\"],\"resources\":[\"clusterroles\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"apiextensions.k8s.io\"],\"resourceNames\":[\"eniconfigs.crd.k8s.amazonaws.com\"],\"resources\":[\"customresourcedefinitions\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"endpoints\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"events\"],\"verbs\":[\"list\",\"watch\",\"create\",\"patch\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"services\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"secrets\"],\"verbs\":[\"get\",\"list\"]},{\"apiGroups\":[\"discovery.k8s.io\"],\"resources\":[\"endpointslices\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"events.k8s.io\"],\"resources\":[\"events\"],\"verbs\":[\"list\",\"watch\",\"create\",\"patch\",\"update\"]},{\"apiGroups\":[\"apps\"],\"resources\":[\"replicasets\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resourceNames\":[\"ebs.csi.aws.com\"],\"resources\":[\"csidrivers\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"persistentvolumes\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"watch\",\"update\",\"patch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"persistentvolumeclaims\"],\"verbs\":[\"get\",\"list\",\"watch\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"persistentvolumeclaims/status\"],\"verbs\":[\"update\",\"patch\"]},{\"apiGroups\":[\"csi.storage.k8s.io\"],\"resources\":[\"csinodeinfos\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"storageclasses\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"volumeattachments\"],\"verbs\":[\"get\",\"list\",\"watch\",\"update\",\"patch\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"volumeattachments/status\"],\"verbs\":[\"patch\"]},{\"apiGroups\":[\"snapshot.storage.k8s.io\"],\"resources\":[\"volumesnapshots\"],\"verbs\":[\"get\",\"list\"]},{\"apiGroups\":[\"snapshot.storage.k8s.io\"],\"resources\":[\"volumesnapshotcontents\"],\"verbs\":[\"create\",\"get\",\"list\",\"watch\",\"update\",\"delete\",\"patch\"]},{\"apiGroups\":[\"snapshot.storage.k8s.io\"],\"resources\":[\"volumesnapshotclasses\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"snapshot.storage.k8s.io\"],\"resources\":[\"volumesnapshotcontents/status\"],\"verbs\":[\"update\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"csinodes\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resources\":[\"leases\"],\"verbs\":[\"get\",\"watch\",\"list\",\"delete\",\"update\",\"create\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"volumeattachments\"],\"verbs\":[\"get\",\"list\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:addon-manager", + "resourceVersion": "290", + "uid": "e6ed7122-962f-411a-9931-f2d202fe75d5" + }, + "rules": [ + { + "apiGroups": [ + "crd.k8s.amazonaws.com" + ], + "resources": [ + "eniconfigs" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "*" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resourceNames": [ + "aws-node", + "system:coredns", + "eks:kube-proxy", + "ebs-csi-provisioner-binding", + "ebs-csi-node-binding", + "ebs-csi-attacher-binding", + "ebs-csi-snapshotter-binding", + "ebs-csi-resizer-binding", + "ebs-csi-node-getter-binding" + ], + "resources": [ + "clusterrolebindings" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resourceNames": [ + "aws-node", + "system:coredns", + "ebs-external-attacher-role", + "ebs-csi-node-role", + "ebs-external-provisioner-role", + "ebs-external-snapshotter-role", + "ebs-external-resizer-role" + ], + "resources": [ + "clusterroles" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "apiextensions.k8s.io" + ], + "resourceNames": [ + "eniconfigs.crd.k8s.amazonaws.com" + ], + "resources": [ + "customresourcedefinitions" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "list", + "watch", + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "list", + "watch", + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resourceNames": [ + "ebs.csi.aws.com" + ], + "resources": [ + "csidrivers" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "watch", + "update", + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "watch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims/status" + ], + "verbs": [ + "update", + "patch" + ] + }, + { + "apiGroups": [ + "csi.storage.k8s.io" + ], + "resources": [ + "csinodeinfos" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "storageclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "volumeattachments" + ], + "verbs": [ + "get", + "list", + "watch", + "update", + "patch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "volumeattachments/status" + ], + "verbs": [ + "patch" + ] + }, + { + "apiGroups": [ + "snapshot.storage.k8s.io" + ], + "resources": [ + "volumesnapshots" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "snapshot.storage.k8s.io" + ], + "resources": [ + "volumesnapshotcontents" + ], + "verbs": [ + "create", + "get", + "list", + "watch", + "update", + "delete", + "patch" + ] + }, + { + "apiGroups": [ + "snapshot.storage.k8s.io" + ], + "resources": [ + "volumesnapshotclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "snapshot.storage.k8s.io" + ], + "resources": [ + "volumesnapshotcontents/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csinodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "get", + "watch", + "list", + "delete", + "update", + "create" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "volumeattachments" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:az-poller\"},\"rules\":[{\"apiGroups\":[\"\"],\"resourceNames\":[\"kubernetes\"],\"resources\":[\"endpoints\"],\"verbs\":[\"get\",\"update\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:az-poller", + "resourceVersion": "204", + "uid": "bd76a012-27d9-4655-9460-009d5af3fffd" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resourceNames": [ + "kubernetes" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "get", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:certificate-controller-approver\"},\"rules\":[{\"apiGroups\":[\"certificates.k8s.io\"],\"resourceNames\":[\"kubernetes.io/kubelet-serving\"],\"resources\":[\"signers\"],\"verbs\":[\"approve\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:certificate-controller-approver", + "resourceVersion": "213", + "uid": "28798979-057e-47ab-b6db-f55a7042300b" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kubelet-serving" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:certificate-controller-signer\"},\"rules\":[{\"apiGroups\":[\"certificates.k8s.io\"],\"resourceNames\":[\"beta.eks.amazonaws.com/app-serving\"],\"resources\":[\"signers\"],\"verbs\":[\"sign\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:certificate-controller-signer", + "resourceVersion": "214", + "uid": "24a662c5-895a-42bf-9002-d44ccc3d28cc" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "beta.eks.amazonaws.com/app-serving" + ], + "resources": [ + "signers" + ], + "verbs": [ + "sign" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloud-controller-manager\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"events\"],\"verbs\":[\"create\",\"patch\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"*\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes/status\"],\"verbs\":[\"patch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"services\"],\"verbs\":[\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"services/status\"],\"verbs\":[\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"serviceaccounts\"],\"verbs\":[\"create\",\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"persistentvolumes\"],\"verbs\":[\"get\",\"list\",\"update\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"endpoints\"],\"verbs\":[\"create\",\"get\",\"list\",\"watch\",\"update\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resources\":[\"leases\"],\"verbs\":[\"create\",\"get\",\"list\",\"watch\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"serviceaccounts/token\"],\"verbs\":[\"create\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cloud-controller-manager", + "resourceVersion": "199", + "uid": "f32d7b0d-f23f-455c-8ab9-9cff8bc3856c" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "*" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services/status" + ], + "verbs": [ + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "create", + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "create", + "get", + "list", + "watch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "get", + "list", + "watch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloud-provider-extraction-migration\"},\"rules\":[{\"apiGroups\":[\"coordination.k8s.io\"],\"resources\":[\"leases\"],\"verbs\":[\"create\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resourceNames\":[\"cloud-provider-extraction-migration\"],\"resources\":[\"leases\"],\"verbs\":[\"create\",\"list\",\"get\",\"update\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:14Z", + "name": "eks:cloud-provider-extraction-migration", + "resourceVersion": "239", + "uid": "81dedbc0-8364-4ca2-8444-7c7d95e73b7e" + }, + "rules": [ + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resourceNames": [ + "cloud-provider-extraction-migration" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "list", + "get", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cloudwatch-agent-role\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"pods\",\"nodes\",\"endpoints\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"apps\"],\"resources\":[\"replicasets\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"batch\"],\"resources\":[\"jobs\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes/proxy\"],\"verbs\":[\"get\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes/stats\",\"events\"],\"verbs\":[\"create\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cloudwatch-agent-role", + "resourceVersion": "202", + "uid": "5c0b1d83-b606-4bb9-90e0-c2cf52e4b6b1" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "nodes", + "endpoints" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/proxy" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/stats", + "events" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:cluster-event-watcher\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"pods\",\"nodes\"],\"verbs\":[\"get\",\"list\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:cluster-event-watcher", + "resourceVersion": "222", + "uid": "7ba83267-5e93-41cd-8637-c46939485b1a" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:fargate-manager\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"pods\"],\"verbs\":[\"get\",\"list\",\"watch\",\"delete\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods/eviction\"],\"verbs\":[\"create\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:fargate-manager", + "resourceVersion": "309", + "uid": "158ff52a-0d89-411e-862a-303668a542ae" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch", + "delete" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:fargate-scheduler\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"pods\",\"persistentvolumes\",\"persistentvolumeclaims\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods/status\"],\"verbs\":[\"get\",\"list\",\"watch\",\"update\"]},{\"apiGroups\":[\"\"],\"resources\":[\"configmaps\"],\"verbs\":[\"get\",\"list\",\"watch\",\"create\"]},{\"apiGroups\":[\"\"],\"resourceNames\":[\"fargate-scheduler\"],\"resources\":[\"configmaps\"],\"verbs\":[\"update\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resourceNames\":[\"fargate-scheduler\"],\"resources\":[\"leases\"],\"verbs\":[\"get\",\"update\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resources\":[\"leases\"],\"verbs\":[\"create\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods/binding\"],\"verbs\":[\"create\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"list\",\"watch\",\"delete\"]},{\"apiGroups\":[\"events.k8s.io\",\"\"],\"resources\":[\"events\"],\"verbs\":[\"create\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:fargate-scheduler", + "resourceVersion": "224", + "uid": "e9b4cc96-aa91-4a3e-915e-f3542dbdb33c" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "persistentvolumes", + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "get", + "list", + "watch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps" + ], + "verbs": [ + "get", + "list", + "watch", + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resourceNames": [ + "fargate-scheduler" + ], + "resources": [ + "configmaps" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resourceNames": [ + "fargate-scheduler" + ], + "resources": [ + "leases" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/binding" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch", + "delete" + ] + }, + { + "apiGroups": [ + "events.k8s.io", + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:k8s-metrics\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"endpoints\",\"pods\",\"nodes\"],\"verbs\":[\"list\"]},{\"apiGroups\":[\"apps\"],\"resources\":[\"deployments\"],\"verbs\":[\"list\"]},{\"nonResourceURLs\":[\"/metrics\",\"/metrics/slis\",\"/debug/api_priority_and_fairness/*\"],\"verbs\":[\"get\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:k8s-metrics", + "resourceVersion": "228", + "uid": "53f87237-0026-4bd8-9f32-c54abf761867" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "pods", + "nodes" + ], + "verbs": [ + "list" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "deployments" + ], + "verbs": [ + "list" + ] + }, + { + "nonResourceURLs": [ + "/metrics", + "/metrics/slis", + "/debug/api_priority_and_fairness/*" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"creationTimestamp\":null,\"labels\":{\"app.kubernetes.io/name\":\"amazon-network-policy-controller-k8s\"},\"name\":\"eks:network-policy-controller\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"namespaces\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"services\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"networking.k8s.aws\"],\"resources\":[\"policyendpoints\"],\"verbs\":[\"create\",\"delete\",\"get\",\"list\",\"patch\",\"update\",\"watch\"]},{\"apiGroups\":[\"networking.k8s.aws\"],\"resources\":[\"policyendpoints/finalizers\"],\"verbs\":[\"update\"]},{\"apiGroups\":[\"networking.k8s.aws\"],\"resources\":[\"policyendpoints/status\"],\"verbs\":[\"get\",\"patch\",\"update\"]},{\"apiGroups\":[\"networking.k8s.io\"],\"resources\":[\"networkpolicies\"],\"verbs\":[\"get\",\"list\",\"patch\",\"update\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:24Z", + "labels": { + "app.kubernetes.io/name": "amazon-network-policy-controller-k8s" + }, + "name": "eks:network-policy-controller", + "resourceVersion": "391", + "uid": "45b35f15-a4d4-4fd4-bc43-c72ec87478b5" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.aws" + ], + "resources": [ + "policyendpoints" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.aws" + ], + "resources": [ + "policyendpoints/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "networking.k8s.aws" + ], + "resources": [ + "policyendpoints/status" + ], + "verbs": [ + "get", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "networkpolicies" + ], + "verbs": [ + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"labels\":{\"eks.amazonaws.com/component\":\"node\"},\"name\":\"eks:node-bootstrapper\"},\"rules\":[{\"apiGroups\":[\"certificates.k8s.io\"],\"resources\":[\"certificatesigningrequests/selfnodeserver\"],\"verbs\":[\"create\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "node" + }, + "name": "eks:node-bootstrapper", + "resourceVersion": "318", + "uid": "f1e5c2e8-51b8-4206-b1ba-727d5839fa6e" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests/selfnodeserver" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:node-manager\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"pods\"],\"verbs\":[\"get\",\"list\",\"watch\",\"delete\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"list\",\"watch\",\"patch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods/eviction\"],\"verbs\":[\"create\"]},{\"apiGroups\":[\"apps\"],\"resourceNames\":[\"aws-node\"],\"resources\":[\"daemonsets\"],\"verbs\":[\"get\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "eks:node-manager", + "resourceVersion": "287", + "uid": "8179631b-59c1-4b62-a757-de25dba1d057" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch", + "delete" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch", + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resourceNames": [ + "aws-node" + ], + "resources": [ + "daemonsets" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:nodewatcher\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"watch\",\"list\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:nodewatcher", + "resourceVersion": "230", + "uid": "d8de070f-d298-4be3-87b2-e208140b24f6" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "watch", + "list" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:pod-identity-mutating-webhook\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"serviceaccounts\"],\"verbs\":[\"get\",\"watch\",\"list\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:pod-identity-mutating-webhook", + "resourceVersion": "232", + "uid": "5730ace0-07a1-4c0d-83ba-603565787d1e" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "get", + "watch", + "list" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:service-operations\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"endpoints\",\"persistentvolumeclaims\",\"persistentvolumeclaims/status\",\"pods\",\"replicationcontrollers\",\"replicationcontrollers/scale\",\"serviceaccounts\",\"services\",\"services/status\",\"bindings\",\"events\",\"limitranges\",\"namespaces/status\",\"pods/status\",\"replicationcontrollers/status\",\"resourcequotas\",\"resourcequotas/status\",\"namespaces\",\"nodes\",\"nodes/status\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"discovery.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"apps\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"autoscaling\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"batch\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"extensions\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"policy\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"networking.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"coordination.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"rbac.authorization.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"storage.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"certificates.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"admissionregistration.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"apiextensions.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"apiregistration.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"policy\"],\"resources\":[\"podsecuritypolicies\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"node.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"flowcontrol.apiserver.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"scheduling.k8s.io\"],\"resources\":[\"*\"],\"verbs\":[\"get\",\"list\"]},{\"apiGroups\":[\"crd.k8s.amazonaws.com\"],\"resources\":[\"eniconfigs\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"vpcresources.k8s.aws\"],\"resources\":[\"securitygrouppolicies\"],\"verbs\":[\"get\",\"list\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:13Z", + "name": "eks:service-operations", + "resourceVersion": "234", + "uid": "194b653f-fbbe-4331-92a9-d96104136d43" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "persistentvolumeclaims", + "persistentvolumeclaims/status", + "pods", + "replicationcontrollers", + "replicationcontrollers/scale", + "serviceaccounts", + "services", + "services/status", + "bindings", + "events", + "limitranges", + "namespaces/status", + "pods/status", + "replicationcontrollers/status", + "resourcequotas", + "resourcequotas/status", + "namespaces", + "nodes", + "nodes/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "admissionregistration.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apiextensions.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apiregistration.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "podsecuritypolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "node.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "flowcontrol.apiserver.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "scheduling.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "crd.k8s.amazonaws.com" + ], + "resources": [ + "eniconfigs" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "vpcresources.k8s.aws" + ], + "resources": [ + "securitygrouppolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"eks:tagging-controller\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"patch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:14Z", + "name": "eks:tagging-controller", + "resourceVersion": "240", + "uid": "e33db17c-5648-41d2-988e-80a3fd82dab9" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "patch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults", + "rbac.authorization.k8s.io/aggregate-to-admin": "true" + }, + "name": "system:aggregate-to-admin", + "resourceVersion": "78", + "uid": "02f31a7a-463c-4a1e-8d78-06c79d07a773" + }, + "rules": [ + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "localsubjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resources": [ + "rolebindings", + "roles" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults", + "rbac.authorization.k8s.io/aggregate-to-edit": "true" + }, + "name": "system:aggregate-to-edit", + "resourceVersion": "79", + "uid": "493e7b95-2ddb-4c0e-b860-af23c407c755" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy", + "secrets", + "services/proxy" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "impersonate" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "pods/attach", + "pods/exec", + "pods/portforward", + "pods/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "events", + "persistentvolumeclaims", + "replicationcontrollers", + "replicationcontrollers/scale", + "secrets", + "serviceaccounts", + "services", + "services/proxy" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "replicasets", + "replicasets/scale", + "statefulsets", + "statefulsets/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "jobs" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "deployments", + "deployments/rollback", + "deployments/scale", + "ingresses", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicationcontrollers/scale" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "networkpolicies" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults", + "rbac.authorization.k8s.io/aggregate-to-view": "true" + }, + "name": "system:aggregate-to-view", + "resourceVersion": "80", + "uid": "91ec70b3-062e-495e-a15a-5ac1f90f6148" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "persistentvolumeclaims", + "persistentvolumeclaims/status", + "pods", + "replicationcontrollers", + "replicationcontrollers/scale", + "serviceaccounts", + "services", + "services/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "bindings", + "events", + "limitranges", + "namespaces/status", + "pods/log", + "pods/status", + "replicationcontrollers/status", + "resourcequotas", + "resourcequotas/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions", + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "replicasets", + "replicasets/scale", + "replicasets/status", + "statefulsets", + "statefulsets/scale", + "statefulsets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers", + "horizontalpodautoscalers/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "cronjobs/status", + "jobs", + "jobs/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "ingresses", + "ingresses/status", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicasets/status", + "replicationcontrollers/scale" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets", + "poddisruptionbudgets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "ingresses/status", + "networkpolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:auth-delegator", + "resourceVersion": "86", + "uid": "4bb9f33c-71a5-4cbc-ae43-3dd9133ed7c9" + }, + "rules": [ + { + "apiGroups": [ + "authentication.k8s.io" + ], + "resources": [ + "tokenreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "subjectaccessreviews" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:basic-user", + "resourceVersion": "73", + "uid": "cbd3a8a5-ddbc-4921-857f-12dba43652cc" + }, + "rules": [ + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "selfsubjectaccessreviews", + "selfsubjectrulesreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "authentication.k8s.io" + ], + "resources": [ + "selfsubjectreviews" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:certificatesigningrequests:nodeclient", + "resourceVersion": "91", + "uid": "ba993b8d-8524-4797-ae32-6d8c5f122280" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests/nodeclient" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient", + "resourceVersion": "92", + "uid": "7344a284-5b22-48d8-9e01-aebeaff49f8a" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests/selfnodeclient" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:kube-apiserver-client-approver", + "resourceVersion": "96", + "uid": "c7e624f6-4f79-41b3-bdc4-4580d11341f1" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kube-apiserver-client" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:kube-apiserver-client-kubelet-approver", + "resourceVersion": "97", + "uid": "9b275d63-d75d-4659-bc47-6b12a9413b36" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kube-apiserver-client-kubelet" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:kubelet-serving-approver", + "resourceVersion": "95", + "uid": "c8b309a5-de1e-47c7-800b-7e04bee63026" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kubelet-serving" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:certificates.k8s.io:legacy-unknown-approver", + "resourceVersion": "94", + "uid": "097068cf-2c05-4690-a453-4f2410f2d441" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/legacy-unknown" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:attachdetach-controller", + "resourceVersion": "101", + "uid": "00d19f56-da20-49c8-89d6-faa21692f693" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims", + "persistentvolumes" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "volumeattachments" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csidrivers" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csinodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:certificate-controller", + "resourceVersion": "127", + "uid": "1694dd17-ffde-4f23-90bf-3f81a3380439" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests" + ], + "verbs": [ + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests/approval", + "certificatesigningrequests/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kube-apiserver-client-kubelet" + ], + "resources": [ + "signers" + ], + "verbs": [ + "approve" + ] + }, + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resourceNames": [ + "kubernetes.io/kube-apiserver-client", + "kubernetes.io/kube-apiserver-client-kubelet", + "kubernetes.io/kubelet-serving", + "kubernetes.io/legacy-unknown" + ], + "resources": [ + "signers" + ], + "verbs": [ + "sign" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "subjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:clusterrole-aggregation-controller", + "resourceVersion": "102", + "uid": "199aed18-5618-4522-9d2a-ecc3a8ccbd01" + }, + "rules": [ + { + "apiGroups": [ + "rbac.authorization.k8s.io" + ], + "resources": [ + "clusterroles" + ], + "verbs": [ + "escalate", + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:cronjob-controller", + "resourceVersion": "103", + "uid": "4eefb726-ffa0-42f1-ac44-29af7e2c1f3f" + }, + "rules": [ + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "delete", + "list" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:daemon-set-controller", + "resourceVersion": "104", + "uid": "5cc1e30a-1e48-483c-849e-9c9449e6e26a" + }, + "rules": [ + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "daemonsets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "daemonsets/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "daemonsets/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "list", + "patch", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/binding" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:deployment-controller", + "resourceVersion": "105", + "uid": "9d3b5bef-8e20-4d7a-92d6-3d5479b0e7fb" + }, + "rules": [ + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "deployments" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "deployments/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "deployments/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:disruption-controller", + "resourceVersion": "106", + "uid": "771bc463-1858-4446-9dac-1dccca688d18" + }, + "rules": [ + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "deployments" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "replicationcontrollers" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "*" + ], + "resources": [ + "*/scale" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "patch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpoint-controller", + "resourceVersion": "107", + "uid": "ff7110a9-b27c-4602-9687-fdb44d51e578" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods", + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints/restricted" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpointslice-controller", + "resourceVersion": "108", + "uid": "59ed7e78-7f1c-41f2-9eee-83c978147475" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes", + "pods", + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:endpointslicemirroring-controller", + "resourceVersion": "109", + "uid": "3ada9f76-a818-48a3-9127-0a1cff8e49a0" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ephemeral-volume-controller", + "resourceVersion": "111", + "uid": "93adbdf5-13b4-497d-ad6a-5dc84eb9001a" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "create", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:expand-controller", + "resourceVersion": "110", + "uid": "a4e261ef-a665-4b62-8ef8-433565369fd9" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "storageclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:generic-garbage-collector", + "resourceVersion": "112", + "uid": "f74ece1d-d2dc-49a3-b1ac-7403c47b344b" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:horizontal-pod-autoscaler", + "resourceVersion": "113", + "uid": "8da2e041-ceac-4373-a5e0-9d18a79ced28" + }, + "rules": [ + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "*" + ], + "resources": [ + "*/scale" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "list" + ] + }, + { + "apiGroups": [ + "metrics.k8s.io" + ], + "resources": [ + "pods" + ], + "verbs": [ + "list" + ] + }, + { + "apiGroups": [ + "custom.metrics.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "external.metrics.k8s.io" + ], + "resources": [ + "*" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:job-controller", + "resourceVersion": "114", + "uid": "a37a91ba-5e91-4cdb-a44d-e0ef630ac024" + }, + "rules": [ + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs" + ], + "verbs": [ + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "list", + "patch", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:namespace-controller", + "resourceVersion": "115", + "uid": "a54d8f01-21dd-46e7-8f6d-3dfa12e30936" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces/finalize", + "namespaces/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "delete", + "deletecollection", + "get", + "list" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:node-controller", + "resourceVersion": "116", + "uid": "f0a1f87c-9616-440d-96a8-e3655c99f8e3" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "delete", + "get", + "list", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "delete", + "list" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "clustercidrs" + ], + "verbs": [ + "create", + "get", + "list", + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:persistent-volume-binder", + "resourceVersion": "117", + "uid": "16bda771-dbcb-4dd7-9d2c-95469dc99ecf" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "storageclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "create", + "delete", + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "create", + "delete", + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pod-garbage-collector", + "resourceVersion": "118", + "uid": "dca0a84d-ca66-4f25-b11a-6a0cbf89f1a9" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "delete", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "patch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pv-protection-controller", + "resourceVersion": "129", + "uid": "eedf57d6-ad2d-4bed-8871-daebfa01d019" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:pvc-protection-controller", + "resourceVersion": "128", + "uid": "42f5f121-5367-4519-86f5-0efe92f76c14" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:replicaset-controller", + "resourceVersion": "119", + "uid": "0ee6116f-9893-4e94-89d7-75df3bc38f73" + }, + "rules": [ + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "list", + "patch", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:replication-controller", + "resourceVersion": "120", + "uid": "74c3363c-4daf-4c1c-9687-7940ebcda548" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "replicationcontrollers" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "replicationcontrollers/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "replicationcontrollers/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "list", + "patch", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:resourcequota-controller", + "resourceVersion": "121", + "uid": "8d3c5423-b068-4557-9c7c-f85b1e5a1ebd" + }, + "rules": [ + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "resourcequotas/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:root-ca-cert-publisher", + "resourceVersion": "131", + "uid": "f2b7b83e-29f7-4b69-92fb-f53ee8a7c52f" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps" + ], + "verbs": [ + "create", + "update" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:route-controller", + "resourceVersion": "122", + "uid": "eff39fd4-c1cd-498c-b042-67003e518788" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:service-account-controller", + "resourceVersion": "123", + "uid": "66598dc0-22b1-4cca-86dc-579a330e7f45" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:service-controller", + "resourceVersion": "124", + "uid": "d1c83faf-6878-4551-96dd-7af437083926" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:statefulset-controller", + "resourceVersion": "125", + "uid": "0afcffac-8b70-42b1-b129-a3a25c308f3c" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets/status" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets/finalizers" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete", + "get", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "create", + "get" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "delete", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ttl-after-finished-controller", + "resourceVersion": "130", + "uid": "6e54d65f-eb03-4a40-b240-0a3130e9f880" + }, + "rules": [ + { + "apiGroups": [ + "batch" + ], + "resources": [ + "jobs" + ], + "verbs": [ + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:07Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:controller:ttl-controller", + "resourceVersion": "126", + "uid": "cb169228-6256-4fd3-a102-5bd97e2dd8af" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"labels\":{\"eks.amazonaws.com/component\":\"coredns\",\"k8s-app\":\"kube-dns\",\"kubernetes.io/bootstrapping\":\"rbac-defaults\"},\"name\":\"system:coredns\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"endpoints\",\"services\",\"pods\",\"namespaces\"],\"verbs\":[\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\"]},{\"apiGroups\":[\"discovery.k8s.io\"],\"resources\":[\"endpointslices\"],\"verbs\":[\"list\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "labels": { + "eks.amazonaws.com/component": "coredns", + "k8s-app": "kube-dns", + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:coredns", + "resourceVersion": "293", + "uid": "83f14377-1f8a-4b3c-914a-c80371437698" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services", + "pods", + "namespaces" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:discovery", + "resourceVersion": "71", + "uid": "215419e4-906d-4b6d-9c50-1f1963943d9a" + }, + "rules": [ + { + "nonResourceURLs": [ + "/api", + "/api/*", + "/apis", + "/apis/*", + "/healthz", + "/livez", + "/openapi", + "/openapi/*", + "/readyz", + "/version", + "/version/" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:heapster", + "resourceVersion": "81", + "uid": "aad5e422-85d5-431b-a413-461ec6c8ef9f" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "events", + "namespaces", + "nodes", + "pods" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "deployments" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-aggregator", + "resourceVersion": "87", + "uid": "faba62ef-3b53-4f0c-83f4-c2f06d3b1a58" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-controller-manager", + "resourceVersion": "88", + "uid": "6e3308e3-7daa-4230-b7b3-31d0bbd62784" + }, + "rules": [ + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resourceNames": [ + "kube-controller-manager" + ], + "resources": [ + "leases" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resourceNames": [ + "kube-controller-manager" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets", + "serviceaccounts" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets" + ], + "verbs": [ + "delete" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "namespaces", + "secrets", + "serviceaccounts" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "secrets", + "serviceaccounts" + ], + "verbs": [ + "update" + ] + }, + { + "apiGroups": [ + "authentication.k8s.io" + ], + "resources": [ + "tokenreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "subjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "*" + ], + "resources": [ + "*" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-dns", + "resourceVersion": "89", + "uid": "43afcc0d-16d4-48f0-a2e4-264dd30e8048" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services" + ], + "verbs": [ + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kube-scheduler", + "resourceVersion": "100", + "uid": "a751cdb8-8474-418d-b4fa-ef768b320089" + }, + "rules": [ + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resourceNames": [ + "kube-scheduler" + ], + "resources": [ + "leases" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resourceNames": [ + "kube-scheduler" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "get", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "bindings", + "pods/binding" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "replicationcontrollers", + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps", + "extensions" + ], + "resources": [ + "replicasets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "statefulsets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims", + "persistentvolumes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "authentication.k8s.io" + ], + "resources": [ + "tokenreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "subjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csinodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csidrivers" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csistoragecapacities" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:kubelet-api-admin", + "resourceVersion": "84", + "uid": "2c037087-3c75-4cf6-acf6-eec75e85be2e" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "proxy" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/log", + "nodes/metrics", + "nodes/proxy", + "nodes/stats" + ], + "verbs": [ + "*" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:monitoring", + "resourceVersion": "72", + "uid": "f4d0ebbb-d267-402f-a885-bb523d75a55f" + }, + "rules": [ + { + "nonResourceURLs": [ + "/healthz", + "/healthz/*", + "/livez", + "/livez/*", + "/metrics", + "/metrics/slis", + "/readyz", + "/readyz/*" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node", + "resourceVersion": "82", + "uid": "ee57d291-e363-485c-98cc-f3186fb1baf2" + }, + "rules": [ + { + "apiGroups": [ + "authentication.k8s.io" + ], + "resources": [ + "tokenreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "authorization.k8s.io" + ], + "resources": [ + "localsubjectaccessreviews", + "subjectaccessreviews" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "services" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "create", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "create", + "delete" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/status" + ], + "verbs": [ + "patch", + "update" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods/eviction" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "secrets" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims", + "persistentvolumes" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests" + ], + "verbs": [ + "create", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "coordination.k8s.io" + ], + "resources": [ + "leases" + ], + "verbs": [ + "create", + "delete", + "get", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "volumeattachments" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts/token" + ], + "verbs": [ + "create" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims/status" + ], + "verbs": [ + "get", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csidrivers" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "csinodes" + ], + "verbs": [ + "create", + "delete", + "get", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "node.k8s.io" + ], + "resources": [ + "runtimeclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node-bootstrapper", + "resourceVersion": "85", + "uid": "ef598d1c-c853-4cf9-a72a-c1d55e5a8ed9" + }, + "rules": [ + { + "apiGroups": [ + "certificates.k8s.io" + ], + "resources": [ + "certificatesigningrequests" + ], + "verbs": [ + "create", + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node-problem-detector", + "resourceVersion": "83", + "uid": "bddd3cba-3b4f-4fef-a669-27da33c3650c" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "patch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:node-proxier", + "resourceVersion": "99", + "uid": "1511cd85-4df4-4990-bfae-915c910e6695" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "endpoints", + "services" + ], + "verbs": [ + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:persistent-volume-provisioner", + "resourceVersion": "90", + "uid": "e7a7708b-b161-4d18-9648-3b0b620479cb" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "create", + "delete", + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "storageclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "watch" + ] + }, + { + "apiGroups": [ + "", + "events.k8s.io" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "patch", + "update" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:public-info-viewer", + "resourceVersion": "74", + "uid": "5cef30b2-3904-42e0-9fac-db2e19875169" + }, + "rules": [ + { + "nonResourceURLs": [ + "/healthz", + "/livez", + "/readyz", + "/version", + "/version/" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:service-account-issuer-discovery", + "resourceVersion": "98", + "uid": "31d92ec6-cb64-4b54-bab4-0c6d7ed732f9" + }, + "rules": [ + { + "nonResourceURLs": [ + "/.well-known/openid-configuration", + "/openid/v1/jwks" + ], + "verbs": [ + "get" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults" + }, + "name": "system:volume-scheduler", + "resourceVersion": "93", + "uid": "516adaa1-fdb2-40bb-b74f-e99428a04c90" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "get", + "list", + "patch", + "update", + "watch" + ] + }, + { + "apiGroups": [ + "storage.k8s.io" + ], + "resources": [ + "storageclasses" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "persistentvolumeclaims" + ], + "verbs": [ + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }, + { + "aggregationRule": { + "clusterRoleSelectors": [ + { + "matchLabels": { + "rbac.authorization.k8s.io/aggregate-to-view": "true" + } + } + ] + }, + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "rbac.authorization.kubernetes.io/autoupdate": "true" + }, + "creationTimestamp": "2023-09-11T19:26:06Z", + "labels": { + "kubernetes.io/bootstrapping": "rbac-defaults", + "rbac.authorization.k8s.io/aggregate-to-edit": "true" + }, + "name": "view", + "resourceVersion": "338", + "uid": "a4f1126c-5f52-45d7-887a-6ddd589c321d" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "configmaps", + "endpoints", + "persistentvolumeclaims", + "persistentvolumeclaims/status", + "pods", + "replicationcontrollers", + "replicationcontrollers/scale", + "serviceaccounts", + "services", + "services/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "bindings", + "events", + "limitranges", + "namespaces/status", + "pods/log", + "pods/status", + "replicationcontrollers/status", + "resourcequotas", + "resourcequotas/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "namespaces" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "discovery.k8s.io" + ], + "resources": [ + "endpointslices" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "apps" + ], + "resources": [ + "controllerrevisions", + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "replicasets", + "replicasets/scale", + "replicasets/status", + "statefulsets", + "statefulsets/scale", + "statefulsets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "autoscaling" + ], + "resources": [ + "horizontalpodautoscalers", + "horizontalpodautoscalers/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "batch" + ], + "resources": [ + "cronjobs", + "cronjobs/status", + "jobs", + "jobs/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "extensions" + ], + "resources": [ + "daemonsets", + "daemonsets/status", + "deployments", + "deployments/scale", + "deployments/status", + "ingresses", + "ingresses/status", + "networkpolicies", + "replicasets", + "replicasets/scale", + "replicasets/status", + "replicationcontrollers/scale" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "policy" + ], + "resources": [ + "poddisruptionbudgets", + "poddisruptionbudgets/status" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "networking.k8s.io" + ], + "resources": [ + "ingresses", + "ingresses/status", + "networkpolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + } + ] + }, + { + "apiVersion": "rbac.authorization.k8s.io/v1", + "kind": "ClusterRole", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"rbac.authorization.k8s.io/v1\",\"kind\":\"ClusterRole\",\"metadata\":{\"annotations\":{},\"name\":\"vpc-resource-controller-role\"},\"rules\":[{\"apiGroups\":[\"\"],\"resources\":[\"events\"],\"verbs\":[\"create\",\"update\",\"patch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"nodes/status\"],\"verbs\":[\"get\",\"patch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"pods\"],\"verbs\":[\"get\",\"list\",\"patch\",\"watch\"]},{\"apiGroups\":[\"\"],\"resources\":[\"serviceaccounts\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"crd.k8s.amazonaws.com\"],\"resources\":[\"eniconfigs\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"vpcresources.k8s.aws\"],\"resources\":[\"securitygrouppolicies\"],\"verbs\":[\"get\",\"list\",\"watch\"]},{\"apiGroups\":[\"vpcresources.k8s.aws\"],\"resources\":[\"cninodes\"],\"verbs\":[\"create\",\"get\",\"list\",\"watch\"]}]}\n" + }, + "creationTimestamp": "2023-09-11T19:26:24Z", + "name": "vpc-resource-controller-role", + "resourceVersion": "378", + "uid": "fca235df-b4e7-430e-8d13-9da233296648" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "resources": [ + "events" + ], + "verbs": [ + "create", + "update", + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "nodes/status" + ], + "verbs": [ + "get", + "patch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "verbs": [ + "get", + "list", + "patch", + "watch" + ] + }, + { + "apiGroups": [ + "" + ], + "resources": [ + "serviceaccounts" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "crd.k8s.amazonaws.com" + ], + "resources": [ + "eniconfigs" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "vpcresources.k8s.aws" + ], + "resources": [ + "securitygrouppolicies" + ], + "verbs": [ + "get", + "list", + "watch" + ] + }, + { + "apiGroups": [ + "vpcresources.k8s.aws" + ], + "resources": [ + "cninodes" + ], + "verbs": [ + "create", + "get", + "list", + "watch" + ] + } + ] + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/daemon_sets_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/daemon_sets_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/daemon_sets_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/deployments_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/deployments_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/deployments_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/horizontal_pod_autoscaler_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/horizontal_pod_autoscaler_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/horizontal_pod_autoscaler_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/namespaces_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/namespaces_api_response.json new file mode 100644 index 0000000..544c358 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/namespaces_api_response.json @@ -0,0 +1,135 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T19:31:08Z", + "labels": { + "kubernetes.io/metadata.name": "amazon-guardduty" + }, + "name": "amazon-guardduty", + "resourceVersion": "990", + "uid": "25bba3c3-4eb8-41e7-88cf-08237a3f03a0" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + }, + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T19:26:05Z", + "labels": { + "kubernetes.io/metadata.name": "default" + }, + "name": "default", + "resourceVersion": "35", + "uid": "98c1c5cf-4dcd-4338-8667-3458d9021c0b" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + }, + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T19:26:05Z", + "labels": { + "kubernetes.io/metadata.name": "kube-node-lease" + }, + "name": "kube-node-lease", + "resourceVersion": "30", + "uid": "5cbce384-3e78-421e-9700-2462c269c5ce" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + }, + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T19:26:05Z", + "labels": { + "kubernetes.io/metadata.name": "kube-public" + }, + "name": "kube-public", + "resourceVersion": "17", + "uid": "f474518e-f7c9-4e55-aab1-952af6012044" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + }, + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T19:26:05Z", + "labels": { + "kubernetes.io/metadata.name": "kube-system" + }, + "name": "kube-system", + "resourceVersion": "9", + "uid": "4fa13f72-b949-40c6-8605-c263a762819b" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + }, + { + "apiVersion": "v1", + "kind": "Namespace", + "metadata": { + "creationTimestamp": "2023-09-11T20:06:51Z", + "labels": { + "kubernetes.io/metadata.name": "test-namespace" + }, + "name": "test-namespace", + "resourceVersion": "7493", + "uid": "60a8dd29-0ad8-4b3f-90f4-1b366e30c88b" + }, + "spec": { + "finalizers": [ + "kubernetes" + ] + }, + "status": { + "phase": "Active" + } + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/network_policies_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/network_policies_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/network_policies_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/persistent_volumes_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/persistent_volumes_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/persistent_volumes_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/pods_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/pods_api_response.json new file mode 100644 index 0000000..6fa9f0d --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/pods_api_response.json @@ -0,0 +1,364 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"bad\",\"namespace\":\"test-namespace\"},\"spec\":{\"containers\":[{\"command\":[\"sh\",\"-c\",\"sleep 1h\"],\"image\":\"busybox\",\"name\":\"sec-ctx-demo\",\"securityContext\":{\"runAsGroup\":3000,\"runAsUser\":1000}},{\"command\":[\"sh\",\"-c\",\"sleep 1h\"],\"image\":\"busybox\",\"name\":\"sec-ctx-demo-2\"}]}}\n" + }, + "creationTimestamp": "2023-09-11T20:06:52Z", + "name": "bad", + "namespace": "test-namespace", + "resourceVersion": "7506", + "uid": "ba3c509c-e32f-4bcb-9eb2-78e75313306c" + }, + "spec": { + "containers": [ + { + "command": [ + "sh", + "-c", + "sleep 1h" + ], + "image": "busybox", + "imagePullPolicy": "Always", + "name": "sec-ctx-demo", + "resources": {}, + "securityContext": { + "runAsGroup": 3000, + "runAsUser": 1000 + }, + "terminationMessagePath": "/dev/termination-log", + "terminationMessagePolicy": "File", + "volumeMounts": [ + { + "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", + "name": "kube-api-access-plcl6", + "readOnly": true + } + ] + }, + { + "command": [ + "sh", + "-c", + "sleep 1h" + ], + "image": "busybox", + "imagePullPolicy": "Always", + "name": "sec-ctx-demo-2", + "resources": {}, + "terminationMessagePath": "/dev/termination-log", + "terminationMessagePolicy": "File", + "volumeMounts": [ + { + "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", + "name": "kube-api-access-plcl6", + "readOnly": true + } + ] + } + ], + "dnsPolicy": "ClusterFirst", + "enableServiceLinks": true, + "nodeName": "i-0bd5715b2476849a1.ec2.internal", + "preemptionPolicy": "PreemptLowerPriority", + "priority": 0, + "restartPolicy": "Always", + "schedulerName": "default-scheduler", + "securityContext": {}, + "serviceAccount": "default", + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 30, + "tolerations": [ + { + "effect": "NoExecute", + "key": "node.kubernetes.io/not-ready", + "operator": "Exists", + "tolerationSeconds": 300 + }, + { + "effect": "NoExecute", + "key": "node.kubernetes.io/unreachable", + "operator": "Exists", + "tolerationSeconds": 300 + } + ], + "volumes": [ + { + "name": "kube-api-access-plcl6", + "projected": { + "defaultMode": 420, + "sources": [ + { + "serviceAccountToken": { + "expirationSeconds": 3607, + "path": "token" + } + }, + { + "configMap": { + "items": [ + { + "key": "ca.crt", + "path": "ca.crt" + } + ], + "name": "kube-root-ca.crt" + } + }, + { + "downwardAPI": { + "items": [ + { + "fieldRef": { + "apiVersion": "v1", + "fieldPath": "metadata.namespace" + }, + "path": "namespace" + } + ] + } + } + ] + } + } + ] + }, + "status": { + "conditions": [ + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "status": "True", + "type": "Initialized" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "message": "containers with unready status: [sec-ctx-demo sec-ctx-demo-2]", + "reason": "ContainersNotReady", + "status": "False", + "type": "Ready" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "message": "containers with unready status: [sec-ctx-demo sec-ctx-demo-2]", + "reason": "ContainersNotReady", + "status": "False", + "type": "ContainersReady" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "status": "True", + "type": "PodScheduled" + } + ], + "containerStatuses": [ + { + "image": "busybox", + "imageID": "", + "lastState": {}, + "name": "sec-ctx-demo", + "ready": false, + "restartCount": 0, + "started": false, + "state": { + "waiting": { + "reason": "ContainerCreating" + } + } + }, + { + "image": "busybox", + "imageID": "", + "lastState": {}, + "name": "sec-ctx-demo-2", + "ready": false, + "restartCount": 0, + "started": false, + "state": { + "waiting": { + "reason": "ContainerCreating" + } + } + } + ], + "hostIP": "192.168.104.131", + "phase": "Pending", + "qosClass": "BestEffort", + "startTime": "2023-09-11T20:06:52Z" + } + }, + { + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"good\",\"namespace\":\"test-namespace\"},\"spec\":{\"containers\":[{\"command\":[\"sh\",\"-c\",\"sleep 1h\"],\"image\":\"busybox\",\"name\":\"sec-ctx-demo\",\"securityContext\":{\"runAsGroup\":3000,\"runAsUser\":1000}}]}}\n" + }, + "creationTimestamp": "2023-09-11T20:06:52Z", + "name": "good", + "namespace": "test-namespace", + "resourceVersion": "7522", + "uid": "441fb67e-9266-46aa-b972-6d314a6651a0" + }, + "spec": { + "containers": [ + { + "command": [ + "sh", + "-c", + "sleep 1h" + ], + "image": "busybox", + "imagePullPolicy": "Always", + "name": "sec-ctx-demo", + "resources": {}, + "securityContext": { + "runAsGroup": 3000, + "runAsUser": 1000 + }, + "terminationMessagePath": "/dev/termination-log", + "terminationMessagePolicy": "File", + "volumeMounts": [ + { + "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount", + "name": "kube-api-access-q75j4", + "readOnly": true + } + ] + } + ], + "dnsPolicy": "ClusterFirst", + "enableServiceLinks": true, + "nodeName": "i-0bd5715b2476849a1.ec2.internal", + "preemptionPolicy": "PreemptLowerPriority", + "priority": 0, + "restartPolicy": "Always", + "schedulerName": "default-scheduler", + "securityContext": {}, + "serviceAccount": "default", + "serviceAccountName": "default", + "terminationGracePeriodSeconds": 30, + "tolerations": [ + { + "effect": "NoExecute", + "key": "node.kubernetes.io/not-ready", + "operator": "Exists", + "tolerationSeconds": 300 + }, + { + "effect": "NoExecute", + "key": "node.kubernetes.io/unreachable", + "operator": "Exists", + "tolerationSeconds": 300 + } + ], + "volumes": [ + { + "name": "kube-api-access-q75j4", + "projected": { + "defaultMode": 420, + "sources": [ + { + "serviceAccountToken": { + "expirationSeconds": 3607, + "path": "token" + } + }, + { + "configMap": { + "items": [ + { + "key": "ca.crt", + "path": "ca.crt" + } + ], + "name": "kube-root-ca.crt" + } + }, + { + "downwardAPI": { + "items": [ + { + "fieldRef": { + "apiVersion": "v1", + "fieldPath": "metadata.namespace" + }, + "path": "namespace" + } + ] + } + } + ] + } + } + ] + }, + "status": { + "conditions": [ + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "status": "True", + "type": "Initialized" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:54Z", + "status": "True", + "type": "Ready" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:54Z", + "status": "True", + "type": "ContainersReady" + }, + { + "lastProbeTime": null, + "lastTransitionTime": "2023-09-11T20:06:52Z", + "status": "True", + "type": "PodScheduled" + } + ], + "containerStatuses": [ + { + "containerID": "containerd://cbb05e3350f3c447b6d8bef21ffcd27be93affdd83a1aea6e09741ddf9eefa27", + "image": "docker.io/library/busybox:latest", + "imageID": "docker.io/library/busybox@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79", + "lastState": {}, + "name": "sec-ctx-demo", + "ready": true, + "restartCount": 0, + "started": true, + "state": { + "running": { + "startedAt": "2023-09-11T20:06:53Z" + } + } + } + ], + "hostIP": "192.168.104.131", + "phase": "Running", + "podIP": "192.168.102.161", + "podIPs": [ + { + "ip": "192.168.102.161" + } + ], + "qosClass": "BestEffort", + "startTime": "2023-09-11T20:06:52Z" + } + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/resource_quotas_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/resource_quotas_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/resource_quotas_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/role_bindings_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/role_bindings_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/role_bindings_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/roles_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/roles_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/roles_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/services_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/services_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/services_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/stateful_sets_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/stateful_sets_api_response.json new file mode 100644 index 0000000..6da8d27 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/stateful_sets_api_response.json @@ -0,0 +1,8 @@ +{ + "apiVersion": "v1", + "items": [], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/cluster/storage_classes_api_response.json b/tests/data/disable_run_as_root_user_container/cluster/storage_classes_api_response.json new file mode 100644 index 0000000..66be917 --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/cluster/storage_classes_api_response.json @@ -0,0 +1,30 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "storage.k8s.io/v1", + "kind": "StorageClass", + "metadata": { + "annotations": { + "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"storage.k8s.io/v1\",\"kind\":\"StorageClass\",\"metadata\":{\"annotations\":{\"storageclass.kubernetes.io/is-default-class\":\"true\"},\"name\":\"gp2\"},\"parameters\":{\"fsType\":\"ext4\",\"type\":\"gp2\"},\"provisioner\":\"kubernetes.io/aws-ebs\",\"volumeBindingMode\":\"WaitForFirstConsumer\"}\n", + "storageclass.kubernetes.io/is-default-class": "true" + }, + "creationTimestamp": "2023-09-11T19:26:20Z", + "name": "gp2", + "resourceVersion": "301", + "uid": "949fdd2a-508e-407f-a36e-ade29b1ad0ea" + }, + "parameters": { + "fsType": "ext4", + "type": "gp2" + }, + "provisioner": "kubernetes.io/aws-ebs", + "reclaimPolicy": "Delete", + "volumeBindingMode": "WaitForFirstConsumer" + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/tests/data/disable_run_as_root_user_container/good.yaml b/tests/data/disable_run_as_root_user_container/good.yaml new file mode 100644 index 0000000..38cbcba --- /dev/null +++ b/tests/data/disable_run_as_root_user_container/good.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + namespace: test-namespace + name: good +spec: + containers: + - name: sec-ctx-demo + image: busybox + command: [ "sh", "-c", "sleep 1h" ] + securityContext: + runAsUser: 1000 + runAsGroup: 3000 \ No newline at end of file diff --git a/tests/test_security_iam.py b/tests/test_security_iam.py index e0b62d8..7d3e458 100644 --- a/tests/test_security_iam.py +++ b/tests/test_security_iam.py @@ -166,6 +166,20 @@ def test_disable_run_as_root_user(namespaced_resources): assert "bad" in rule.result.resources +@pytest.mark.parametrize( + "namespaced_resources", + [("disable_run_as_root_user_container")], + indirect=["namespaced_resources"], +) +def test_disable_run_as_root_user_container(namespaced_resources): + rule = disable_run_as_root_user() + + rule.check(namespaced_resources) + + assert "good" not in rule.result.resources + assert "bad" in rule.result.resources + + @pytest.mark.parametrize( "namespaced_resources", [("disable_anonymous_access_for_cluster_roles")],