system:controller:certificate-controller created 2021-08-30 18:36:54, version 153 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: 'true'
  creationTimestamp: '2021-08-30T18:36:54Z'
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  managedFields:
  - apiVersion: rbac.authorization.k8s.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:rbac.authorization.kubernetes.io/autoupdate: {}
        f:labels:
          .: {}
          f:kubernetes.io/bootstrapping: {}
      f:rules: {}
    manager: k3s
    operation: Update
    time: '2021-08-30T18:36:54Z'
  name: system:controller:certificate-controller
  resourceVersion: '153'
  uid: 4c82afd7-7b66-4864-b24e-420f88634cbe
rules:
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests
  verbs:
  - delete
  - get
  - list
  - watch
- apiGroups:
  - certificates.k8s.io
  resources:
  - certificatesigningrequests/approval
  - certificatesigningrequests/status
  verbs:
  - update
- apiGroups:
  - certificates.k8s.io
  resourceNames:
  - kubernetes.io/kube-apiserver-client-kubelet
  resources:
  - signers
  verbs:
  - approve
- apiGroups:
  - certificates.k8s.io
  resourceNames:
  - kubernetes.io/kube-apiserver-client
  - kubernetes.io/kube-apiserver-client-kubelet
  - kubernetes.io/kubelet-serving
  - kubernetes.io/legacy-unknown
  resources:
  - signers
  verbs:
  - sign
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
- apiGroups:
  - ''
  - events.k8s.io
  resources:
  - events
  verbs:
  - create
  - patch
  - update