Update kubernetes-roles.md (#1040)
Remove out of date examples from Kubernetes roles doc. The source of
truth is what's in the cluster.
josephlewis42 authored Sep 12, 2023
1 parent 090dd72 commit 35f2df1
Showing 1 changed file with 0 additions and 66 deletions.
66 changes: 0 additions & 66 deletions docs/content/en/docs/v2.11/operator/security/kubernetes-roles.md
Expand Up @@ -18,24 +18,6 @@ using the following command.
kubectl describe clusterrole space-developer
```

The default installation of Kf provides the following
permissions:

```none
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [*]
secrets [] [] [*]
*.kf.dev [] [] [*]
networkpolicies.networking.k8s.io [] [] [*]
pods/exec [] [] [create]
*.upload.kf.dev [] [] [create]
pods/log [] [] [get list watch]
pods [] [] [get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [get list watch]
```

## Space auditor role {#space-auditor}

The Space auditor role aggregates read-only permissions that auditors and
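Review bot: The deleted space-developer table was the only place in this section showing that the role carries `[*]` on `secrets` and `create` on `pods/exec`; after this change a reader learns that only by running `kubectl describe clusterrole space-developer` against a live cluster. Consider keeping one version-neutral sentence saying the role has full access to Secrets and can exec into Pods, and that the command output is authoritative for the installed release.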
Expand All @@ -49,18 +31,6 @@ using the following command.
kubectl describe clusterrole space-auditor
```

The default installation of Kf provides the following
permissions:

```none
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [*]
apps.kf.dev [] [] [get list watch]
rolebindings.rbac.authorization.k8s.io [] [] [get list watch]
```

## Space manager role {#space-manager}

The Space manager role aggregates permissions that allow delegation of duties to
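Review bot: The retained context line still describes space-auditor as aggregating "read-only permissions", but the table deleted in this hunk listed `events` with verbs `[*]`. Dropping the table hides that mismatch without resolving it; either qualify the "read-only" wording or confirm that the wildcard on `events` is no longer present in the cluster role.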
Expand All @@ -73,20 +43,6 @@ using the following command.
kubectl describe clusterrole space-manager
```

The default installation of Kf provides the following
permissions:

```none
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
clusterroles.rbac.authorization.k8s.io [] [space-auditor] [bind]
clusterroles.rbac.authorization.k8s.io [] [space-developer] [bind]
clusterroles.rbac.authorization.k8s.io [] [space-manager] [bind]
rolebindings.rbac.authorization.k8s.io [] [] [get list update patch watch]
apps.kf.dev [] [] [get list watch]
```

{{< note >}} Subjects bound to the `space-manager` ClusterRole within a
Kf Space are also granted write access to that Space.
{{< /note >}}
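Review bot: With the table deleted, nothing in the space-manager section states that the role holds `bind` on the `space-auditor`, `space-developer` and `space-manager` ClusterRoles and `update`/`patch` on RoleBindings, which is the delegation the section intro refers to. The note kept at the end of the hunk covers only write access to the Space; suggest adding a sentence there that names the three roles a manager can bind.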
Expand All @@ -110,16 +66,6 @@ Space on your cluster using the following command.
kubectl describe clusterrole SPACE_NAME-manager
```

The default installation of Kf provides the following
permissions:

```none
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
spaces.kf.dev [] [SPACE_NAME] [get list watch update patch]
```

## Kf cluster reader role {#kf-cluster-reader}

Kf automatically grants the `kf-cluster-reader` role to all users on a
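Review bot: The deleted `spaces.kf.dev` row with resource name `[SPACE_NAME]` was the only statement that the per-Space manager role is restricted by resource name to a single Space. That restriction reads as a property of how the role is built rather than a listing that drifts between releases, so consider keeping it as one sentence next to the `kubectl describe clusterrole SPACE_NAME-manager` command.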
Expand All @@ -132,15 +78,3 @@ cluster readers on your cluster using the following command.
```sh
kubectl describe clusterrole kf-cluster-reader
```

The default installation of Kf provides the following
permissions:

```none
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
namespaces [] [kf] [get list watch]
clusterservicebrokers.kf.dev [] [] [get list watch]
spaces.kf.dev [] [] [get list watch]
```
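Review bot: The context line says Kf grants `kf-cluster-reader` automatically to all users, so its scope matters to every operator, yet after this deletion the file ends at the `kubectl describe` command with no description of what the role exposes. Suggest a closing sentence that the role is limited to `get list watch`, as the deleted rows for `namespaces`, `clusterservicebrokers.kf.dev` and `spaces.kf.dev` showed. Separately, the change touches only the `v2.11` path; if other versioned copies of this page exist, they would keep the tables.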
