|
| 1 | +apiVersion: apiextensions.k8s.io/v1 |
| 2 | +kind: CustomResourceDefinition |
| 3 | +metadata: |
| 4 | + annotations: |
| 5 | + controller-gen.kubebuilder.io/version: v0.12.0 |
| 6 | + creationTimestamp: "2023-10-11T02:04:10Z" |
| 7 | + generation: 2 |
| 8 | + labels: |
| 9 | + app.kubernetes.io/managed-by: rancher |
| 10 | + name: roletemplates.management.cattle.io |
| 11 | + resourceVersion: "6499013" |
| 12 | + uid: 58760b2c-6813-4a7b-a6b3-d58969104075 |
| 13 | +spec: |
| 14 | + conversion: |
| 15 | + strategy: None |
| 16 | + group: management.cattle.io |
| 17 | + names: |
| 18 | + kind: RoleTemplate |
| 19 | + listKind: RoleTemplateList |
| 20 | + plural: roletemplates |
| 21 | + singular: roletemplate |
| 22 | + scope: Cluster |
| 23 | + versions: |
| 24 | + - name: v3 |
| 25 | + schema: |
| 26 | + openAPIV3Schema: |
| 27 | + description: RoleTemplate holds configuration for a template that is used |
| 28 | + to create kubernetes Roles and ClusterRoles (in the rbac.authorization.k8s.io |
| 29 | + group) for a cluster or project. |
| 30 | + properties: |
| 31 | + administrative: |
| 32 | + description: Administrative if false, and context is set to cluster this |
| 33 | + RoleTemplate will not grant access to "CatalogTemplates" and "CatalogTemplateVersions" |
| 34 | + for any project in the cluster. Default is false. |
| 35 | + type: boolean |
| 36 | + apiVersion: |
| 37 | + description: 'APIVersion defines the versioned schema of this representation |
| 38 | + of an object. Servers should convert recognized schemas to the latest |
| 39 | + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' |
| 40 | + type: string |
| 41 | + builtin: |
| 42 | + description: Builtin if true specifies that this RoleTemplate was created |
| 43 | + by Rancher and is immutable. Default to false. |
| 44 | + type: boolean |
| 45 | + clusterCreatorDefault: |
| 46 | + description: ClusterCreatorDefault if true, a binding with this RoleTemplate |
| 47 | + will be created for a users when they create a new cluster. ClusterCreatorDefault |
| 48 | + is only evaluated if the context of the RoleTemplate is set to cluster. |
| 49 | + Default to false. |
| 50 | + type: boolean |
| 51 | + context: |
| 52 | + description: Context describes if the roleTemplate applies to clusters |
| 53 | + or projects. Valid values are "project", "cluster" or "". |
| 54 | + enum: |
| 55 | + - project |
| 56 | + - cluster |
| 57 | + - "" |
| 58 | + type: string |
| 59 | + description: |
| 60 | + description: Description holds text that describes the resource. |
| 61 | + type: string |
| 62 | + displayName: |
| 63 | + description: DisplayName is the human-readable name displayed in the UI |
| 64 | + for this resource. |
| 65 | + type: string |
| 66 | + external: |
| 67 | + description: External if true specifies that rules for this RoleTemplate |
| 68 | + should be gathered from a ClusterRole with the matching name. If set |
| 69 | + to true the Rules on the template will not be evaluated. External's |
| 70 | + value is only evaluated if the RoleTemplate's context is set to "cluster" |
| 71 | + Default to false. |
| 72 | + type: boolean |
| 73 | + hidden: |
| 74 | + description: Hidden if true informs the Rancher UI not to display this |
| 75 | + RoleTemplate. Default to false. |
| 76 | + type: boolean |
| 77 | + kind: |
| 78 | + description: 'Kind is a string value representing the REST resource this |
| 79 | + object represents. Servers may infer this from the endpoint the client |
| 80 | + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' |
| 81 | + type: string |
| 82 | + locked: |
| 83 | + description: Locked if true, new bindings will not be able to use this |
| 84 | + RoleTemplate. Default to false. |
| 85 | + type: boolean |
| 86 | + metadata: |
| 87 | + type: object |
| 88 | + projectCreatorDefault: |
| 89 | + description: ProjectCreatorDefault if true, a binding with this RoleTemplate |
| 90 | + will be created for a user when they create a new project. ProjectCreatorDefault |
| 91 | + is only evaluated if the context of the RoleTemplate is set to project. |
| 92 | + Default to false. |
| 93 | + type: boolean |
| 94 | + roleTemplateNames: |
| 95 | + description: RoleTemplateNames list of RoleTemplate names that this RoleTemplate |
| 96 | + will inherit. This RoleTemplate will grant all rules defined in an inherited |
| 97 | + RoleTemplate. Inherited RoleTemplates must already exist. |
| 98 | + items: |
| 99 | + type: string |
| 100 | + type: array |
| 101 | + rules: |
| 102 | + description: Rules hold all the PolicyRules for this RoleTemplate. |
| 103 | + items: |
| 104 | + description: PolicyRule holds information that describes a policy rule, |
| 105 | + but does not contain information about who the rule applies to or |
| 106 | + which namespace the rule applies to. |
| 107 | + properties: |
| 108 | + apiGroups: |
| 109 | + description: APIGroups is the name of the APIGroup that contains |
| 110 | + the resources. If multiple API groups are specified, any action |
| 111 | + requested against one of the enumerated resources in any API group |
| 112 | + will be allowed. "" represents the core API group and "*" represents |
| 113 | + all API groups. |
| 114 | + items: |
| 115 | + type: string |
| 116 | + type: array |
| 117 | + nonResourceURLs: |
| 118 | + description: NonResourceURLs is a set of partial urls that a user |
| 119 | + should have access to. *s are allowed, but only as the full, |
| 120 | + final step in the path Since non-resource URLs are not namespaced, |
| 121 | + this field is only applicable for ClusterRoles referenced from |
| 122 | + a ClusterRoleBinding. Rules can either apply to API resources |
| 123 | + (such as "pods" or "secrets") or non-resource URL paths (such |
| 124 | + as "/api"), but not both. |
| 125 | + items: |
| 126 | + type: string |
| 127 | + type: array |
| 128 | + resourceNames: |
| 129 | + description: ResourceNames is an optional white list of names that |
| 130 | + the rule applies to. An empty set means that everything is allowed. |
| 131 | + items: |
| 132 | + type: string |
| 133 | + type: array |
| 134 | + resources: |
| 135 | + description: Resources is a list of resources this rule applies |
| 136 | + to. '*' represents all resources. |
| 137 | + items: |
| 138 | + type: string |
| 139 | + type: array |
| 140 | + verbs: |
| 141 | + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds |
| 142 | + contained in this rule. '*' represents all verbs. |
| 143 | + items: |
| 144 | + type: string |
| 145 | + type: array |
| 146 | + required: |
| 147 | + - verbs |
| 148 | + type: object |
| 149 | + type: array |
| 150 | + type: object |
| 151 | + served: true |
| 152 | + storage: true |
| 153 | +status: |
| 154 | + acceptedNames: |
| 155 | + kind: RoleTemplate |
| 156 | + listKind: RoleTemplateList |
| 157 | + plural: roletemplates |
| 158 | + singular: roletemplate |
| 159 | + conditions: |
| 160 | + - lastTransitionTime: "2023-10-11T02:04:11Z" |
| 161 | + message: no conflicts found |
| 162 | + reason: NoConflicts |
| 163 | + status: "True" |
| 164 | + type: NamesAccepted |
| 165 | + - lastTransitionTime: "2023-10-11T02:04:11Z" |
| 166 | + message: the initial names have been accepted |
| 167 | + reason: InitialNamesAccepted |
| 168 | + status: "True" |
| 169 | + type: Established |
| 170 | + storedVersions: |
| 171 | + - v3 |
0 commit comments