--- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: labels: app: tf-job-operator name: tf-job-operator rules: - apiGroups: - kubeflow.org resources: - tfjobs - tfjobs/status - tfjobs/finalizers verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - '*' - apiGroups: - "" resources: - pods - services - endpoints - events verbs: - '*' - apiGroups: - apps - extensions resources: - deployments verbs: - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeflow-tfjobs-admin labels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" aggregationRule: clusterRoleSelectors: - matchLabels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeflow-tfjobs-edit labels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" rules: - apiGroups: - kubeflow.org resources: - tfjobs - tfjobs/status verbs: - get - list - watch - create - delete - deletecollection - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeflow-tfjobs-view labels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" rules: - apiGroups: - kubeflow.org resources: - tfjobs - tfjobs/status verbs: - get - list - watch