apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: eks-console-dashboard-restricted-access-clusterrole rules: - apiGroups: - "" resources: - nodes - namespaces verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eks-console-dashboard-restricted-access-clusterrole-binding subjects: - kind: Group name: eks-console-dashboard-restricted-access-group apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: eks-console-dashboard-restricted-access-clusterrole apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: namespace: default name: eks-console-dashboard-restricted-access-role rules: - apiGroups: - "" resources: - pods - configmaps - endpoints - events - limitranges - persistentvolumeclaims - podtemplates - replicationcontrollers - resourcequotas - secrets - serviceaccounts - services verbs: - get - list - apiGroups: - apps resources: - deployments - daemonsets - statefulsets - replicasets verbs: - get - list - apiGroups: - batch resources: - jobs - cronjobs verbs: - get - list - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - get - list - apiGroups: - events.k8s.io resources: - events verbs: - get - list - apiGroups: - extensions resources: - daemonsets - deployments - ingresses - networkpolicies - replicasets verbs: - get - list - apiGroups: - networking.k8s.io resources: - ingresses - networkpolicies verbs: - get - list - apiGroups: - policy resources: - poddisruptionbudgets verbs: - get - list - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - get - list - apiGroups: - storage.k8s.io resources: - csistoragecapacities verbs: - get - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: eks-console-dashboard-restricted-access-role-binding namespace: default subjects: - kind: Group name: eks-console-dashboard-restricted-access-group apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: eks-console-dashboard-restricted-access-role apiGroup: rbac.authorization.k8s.io