mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-05-10 17:46:42 +00:00
cb60a4cc4c
* Remove `logger` module * Remove `shared` module * Move `cli` folder contents into project root * Fix linter * Change the module name from `github.com/kubeshark/kubeshark/cli` to `github.com/kubeshark/kubeshark` * Set the default `Makefile` rule to `build` * Add `lint` rule * Fix the linter errors
38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
# This example shows permissions that are required for Kubeshark to resolve IPs to service names in namespace-restricted mode
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: kubeshark-resolver-role
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
resources: ["roles"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
resources: ["rolebindings"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: ["", "apps", "extensions"]
|
|
resources: ["pods"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["", "apps", "extensions"]
|
|
resources: ["services"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["", "apps", "extensions"]
|
|
resources: ["endpoints"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: kubeshark-resolver-rolebindings
|
|
subjects:
|
|
- kind: User
|
|
name: user-with-restricted-access
|
|
apiGroup: rbac.authorization.k8s.io
|
|
roleRef:
|
|
kind: Role
|
|
name: kubeshark-resolver-role
|
|
apiGroup: rbac.authorization.k8s.io
|