From 35f2df1ed229631006842afdc0d982bb6305acbe Mon Sep 17 00:00:00 2001 From: Joseph Lewis III Date: Tue, 12 Sep 2023 13:01:47 -0600 Subject: [PATCH] Update kubernetes-roles.md (#1040) Remove out of date examples from Kubernetes roles doc. The source of truth is what's in the cluster. --- .../operator/security/kubernetes-roles.md | 66 ------------------- 1 file changed, 66 deletions(-) diff --git a/docs/content/en/docs/v2.11/operator/security/kubernetes-roles.md b/docs/content/en/docs/v2.11/operator/security/kubernetes-roles.md index 3cc827b87..ccb8bdd45 100644 --- a/docs/content/en/docs/v2.11/operator/security/kubernetes-roles.md +++ b/docs/content/en/docs/v2.11/operator/security/kubernetes-roles.md @@ -18,24 +18,6 @@ using the following command. kubectl describe clusterrole space-developer ``` -The default installation of Kf provides the following -permissions: - -```none -PolicyRule: - Resources Non-Resource URLs Resource Names Verbs - --------- ----------------- -------------- ----- - events [] [] [*] - secrets [] [] [*] - *.kf.dev [] [] [*] - networkpolicies.networking.k8s.io [] [] [*] - pods/exec [] [] [create] - *.upload.kf.dev [] [] [create] - pods/log [] [] [get list watch] - pods [] [] [get list watch] - rolebindings.rbac.authorization.k8s.io [] [] [get list watch] -``` - ## Space auditor role {#space-auditor} The Space auditor role aggregates read-only permissions that auditors and @@ -49,18 +31,6 @@ using the following command. kubectl describe clusterrole space-auditor ``` -The default installation of Kf provides the following -permissions: - -```none -PolicyRule: - Resources Non-Resource URLs Resource Names Verbs - --------- ----------------- -------------- ----- - events [] [] [*] - apps.kf.dev [] [] [get list watch] - rolebindings.rbac.authorization.k8s.io [] [] [get list watch] -``` - ## Space manager role {#space-manager} The Space manager role aggregates permissions that allow delegation of duties to 
@@ -73,20 +43,6 @@ using the following command. kubectl describe clusterrole space-manager ``` -The default installation of Kf provides the following -permissions: - -```none -PolicyRule: - Resources Non-Resource URLs Resource Names Verbs - --------- ----------------- -------------- ----- - clusterroles.rbac.authorization.k8s.io [] [space-auditor] [bind] - clusterroles.rbac.authorization.k8s.io [] [space-developer] [bind] - clusterroles.rbac.authorization.k8s.io [] [space-manager] [bind] - rolebindings.rbac.authorization.k8s.io [] [] [get list update patch watch] - apps.kf.dev [] [] [get list watch] -``` - {{< note >}} Subjects bound to the `space-manager` ClusterRole within a Kf Space are also granted write access to that Space. {{< /note >}} @@ -110,16 +66,6 @@ Space on your cluster using the following command. kubectl describe clusterrole SPACE_NAME-manager ``` -The default installation of Kf provides the following -permissions: - -```none -PolicyRule: - Resources Non-Resource URLs Resource Names Verbs - --------- ----------------- -------------- ----- - spaces.kf.dev [] [SPACE_NAME] [get list watch update patch] -``` - ## Kf cluster reader role {#kf-cluster-reader} Kf automatically grants the `kf-cluster-reader` role to all users on a @@ -132,15 +78,3 @@ cluster readers on your cluster using the following command. ```sh kubectl describe clusterrole kf-cluster-reader ``` - -The default installation of Kf provides the following -permissions: - -```none -PolicyRule: - Resources Non-Resource URLs Resource Names Verbs - --------- ----------------- -------------- ----- - namespaces [] [kf] [get list watch] - clusterservicebrokers.kf.dev [] [] [get list watch] - spaces.kf.dev [] [] [get list watch] -``` \ No newline at end of file
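Review bot: In the space-developer hunk (`@@ -18,24 +18,6 @@`), removing the whole table also removes the only statement on the page that this role holds `[*]` on `secrets` and `create` on `pods/exec`, the two grants an operator most needs to see before binding it. If those grants still apply, suggest keeping one prose sentence that names them without the verb table, and leaving `kubectl describe clusterrole space-developer` as the reference for the exact current rules.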
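Review bot: In the space-auditor hunk (`@@ -49,18 +31,6 @@`), the section is left with `kubectl describe clusterrole space-auditor` as its only description of the role, which is no help to a reader who has not installed Kf yet or who lacks read access to ClusterRoles. Suggest adding a link to where the role definitions live in the source tree, or a one-line summary that the role is read-only, so the page still answers the question without a cluster.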
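Review bot: In the space-manager hunk (`@@ -73,20 +43,6 @@`), the retained note only says that managers get write access to the Space, while the deleted rows were the only place showing `bind` on `space-auditor`, `space-developer` and `space-manager` plus `update patch` on `rolebindings`. If that is still the design, suggest extending the note to say that managers can grant these three roles to other subjects, since that is a privilege-delegation capability readers should not have to discover from `kubectl describe` output.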
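Review bot: In the kf-cluster-reader hunk (`@@ -132,15 +78,3 @@`), the context line says Kf grants this role automatically to all users, and with the table gone the page no longer states that it was limited to `get list watch`. Suggest adding a sentence that the role is read-only, and which kinds of objects it covers if that is stable, because a role bound to every user is the one whose scope readers most need stated in the docs. Also worth confirming in this PR whether other versioned copies of `kubernetes-roles.md` carry the same tables, since the diffstat touches only the `v2.11` path.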