forked from opendatahub-io/models-as-a-service
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathclusterrole.yaml
More file actions
34 lines (30 loc) · 972 Bytes
/
clusterrole.yaml
File metadata and controls
34 lines (30 loc) · 972 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: maas-api
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
# SA token provider resources
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
# Token review for authentication
- apiGroups: ["authentication.k8s.io"]
resources: ["tokenreviews"]
verbs: ["create"]
# KServe resources for model management
- apiGroups: ["serving.kserve.io"]
resources: ["inferenceservices", "llminferenceservices"]
verbs: ["get", "list", "watch"]
# Metrics and monitoring
- apiGroups: [""]
resources: ["pods", "services", "endpoints"]
verbs: ["get", "list", "watch"]