リソースモデルと対応するAPIのバージョンは、Kubernetesのバージョンによって異なります。 したがって、Container Service for Kubernetes (ACK) クラスターのロールベースのアクセス制御 (RBAC) ロールのテンプレートも、Kubernetesバージョンのクラスターとともに更新する必要があります。 2022年9月2日から、クラスターのKubernetesバージョンを更新すると、クラスター内の事前定義されたRBACロールのClusterRoleテンプレートが更新されます。 これにより、クラスターの更新後に事前定義されたRBACロールでの権限設定の欠落または非推奨によって引き起こされる認証の失敗が防止されます。
さまざまな定義済みRBACロールのClusterRoleテンプレート
重要 クラスター内の定義済みRBACロールのClusterRoleテンプレートに対するカスタム変更は、システムがクラスターを更新すると上書きされます。 クラスターで定義済みのRBACロールのClusterRoleテンプレートを変更しないことをお勧めします。 カスタム権限を設定する必要がある場合は、カスタムロールを作成することを推奨します。 詳細については、「RAMユーザーまたはRAMロールへのRBAC権限の付与」をご参照ください。
ACKは、定義済みのさまざまなRBACロールに対して次のClusterRoleテンプレートを提供します。
- 管理者ロールのClusterRoleテンプレートcs:admin
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole メタデータ: 名前: cs:admin ルール: -apiGroups: - '*' リソース: - '*' verbs: -'*' -nonResourceURL: - '*' verbs: - '*' - ClusterRoleテンプレートのO&Mエンジニアロールcs:ops
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole メタデータ: 名前: cs:ops ルール: -apiGroups: [""] リソース: ["pods", "pods/attach", "pods/exec", "pods/portforward", "pods/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["configmaps" 、"endpoints" 、"persistentvolumeclaims" 、"replicationcontrollers" 、"replicationcontrollers/scale" 、"secrets" 、"serviceaccounts" 、"services" 、"services/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["bindings", "events", "limitranges", "namespaces/status", "replicationcontrollers/status", "pods/log", "pods/status", "resourcequotas/status", "componentstatus"] 動詞: ["get", "list", "watch"] -apiGroups: [""] リソース: ["namespaces", "nodes", "persistentvolumes"] verbs: ["get", "list", "watch", "patch"] -apiGroups: ["coordination.k8s.io"] リソース: ["leases"] 動詞: ["get"] -apiGroups: ["apps"] リソース: ["daemonsets" 、"deployments" 、"deployments/rollback" 、"deployments/scale" 、"replicasets" 、"replicasets/scale" 、"statefulsets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["autoscaling"] リソース: ["horizontalpodautoscalers"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["batch"] リソース: ["cronjobs", "jobs"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["extensions"] リソース: ["daemonsets", "deployments", "deployments/rollback", "deployments/scale", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["networking.k8s.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterserviceclasses", "clusterserviceplans", "clusterserviceplans", "clusterservicebrokers", "serviceinstances", "servicebindings"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterservicebrokers/status", "clusterserviceclasses/status", "clusterserviceplans/status", "serviceinstances/status", "serviceinstances/reference", "servicebindings/status",] 動詞: ["update"] -apiGroups: ["storage.k8s.io"] リソース: ["storageclasses"] 動詞: ["get", "list", "watch"] -apiGroups: ["alicloud.com"] リソース: ["*"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["policy"] リソース: ["poddisruptionbudgets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["metrics.k8s.io"] リソース: ["pods", "nodes"] 動詞: ["get", "watch", "list"] -apiGroups: ["networking.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["config.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["rbac.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["istio.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["authentication.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["log.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["monitoring.kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["apiextensions.k8s.io"] リソース: ["customresourcedefinitions"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["serving.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["messaging.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["sources.eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["tekton.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["alert.alibabacloud.com"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] - 開発者ロールcs:dev
apiVersion: rbac.authorization.k8s.io/v1のClusterRoleテンプレート kind: ClusterRole メタデータ: 名前: cs:dev ルール: -apiGroups: [""] リソース: ["pods", "pods/attach", "pods/exec", "pods/portforward", "pods/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["configmaps" 、"endpoints" 、"persistentvolumeclaims" 、"replicationcontrollers" 、"replicationcontrollers/scale" 、"secrets" 、"serviceaccounts" 、"services" 、"services/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["events", "namespaces/status", "replicationcontrollers/status", "pods/log", "pods/status", "componentstatus"] 動詞: ["get", "list", "watch"] -apiGroups: [""] リソース: ["namespaces"] 動詞: ["get", "list", "watch"] -apiGroups: ["apps"] リソース: ["daemonsets" 、"deployments" 、"deployments/rollback" 、"deployments/scale" 、"replicasets" 、"replicasets/scale" 、"statefulsets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["autoscaling"] リソース: ["horizontalpodautoscalers"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["batch"] リソース: ["cronjobs", "jobs"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["extensions"] リソース: ["daemonsets", "deployments", "deployments/rollback", "deployments/scale", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["metrics.k8s.io"] リソース: ["pods"] 動詞: ["get", "watch", "list"] -apiGroups: ["networking.k8s.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterserviceclasses", "clusterserviceplans", "clusterserviceplans", "clusterservicebrokers", "serviceinstances", "servicebindings"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterservicebrokers/status", "clusterserviceclasses/status", "clusterserviceplans/status", "serviceinstances/status", "serviceinstances/reference", "servicebindings/status",] 動詞: ["update"] -apiGroups: ["alicloud.com"] リソース: ["*"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["policy"] リソース: ["poddisruptionbudgets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["networking.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["config.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["rbac.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["istio.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["authentication.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["log.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["monitoring.kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["apiextensions.k8s.io"] リソース: ["customresourcedefinitions"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["serving.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["messaging.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["sources.eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["tekton.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["alert.alibabacloud.com"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] - 制限付きユーザーロールのClusterRoleテンプレートcs:restricted
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole メタデータ: 名前: cs:restricted ルール: -apiGroups: [""] リソース: ["pods" 、"configmaps" 、"endpoints" 、"persistentvolumeclaims" 、"replicationcontrollers" 、"replicationcontrollers/scale" 、"secrets" 、"serviceaccounts" 、"services" 、"services/proxy"] 動詞: ["get", "list", "watch"] -apiGroups: [""] リソース: ["events", "replicationcontrollers/status", "pods/log", "pods/status", "componentstatus"] 動詞: ["get", "list", "watch"] -apiGroups: ["apps"] リソース: ["daemonsets" 、"deployments" 、"deployments/rollback" 、"deployments/scale" 、"replicasets" 、"replicasets/scale" 、"statefulsets"] 動詞: ["get", "list", "watch"] -apiGroups: ["autoscaling"] リソース: ["horizontalpodautoscalers"] 動詞: ["get", "list", "watch"] -apiGroups: ["batch"] リソース: ["cronjobs", "jobs"] 動詞: ["get", "list", "watch"] -apiGroups: ["extensions"] リソース: ["daemonsets", "deployments", "deployments/rollback", "deployments/scale", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale"] 動詞: ["get", "list", "watch"] -apiGroups: ["networking.k8s.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterserviceclasses", "clusterserviceplans", "clusterserviceplans", "clusterservicebrokers", "serviceinstances", "servicebindings"] 動詞: ["get", "list", "watch"] -apiGroups: ["alicloud.com"] リソース: ["*"] 動詞: ["get", "list"] -apiGroups: ["policy"] リソース: ["poddisruptionbudgets"] 動詞: ["get", "list"] -apiGroups: ["networking.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["config.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["rbac.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["istio.alibabacloud.com"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["authentication.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["log.alibabacloud.com"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["monitoring.kiali.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["kiali.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["apiextensions.k8s.io"] リソース: ["customresourcedefinitions"] 動詞: ["get", "list", "watch"] -apiGroups: ["serving.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["eventing.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["messaging.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["sources.eventing.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["tekton.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["alert.alibabacloud.com"] リソース: ["*"] verbs: ["get", "list", "watch"] - 名前空間固有の開発者ロールcs:ns:dev
のClusterRoleテンプレートapiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole メタデータ: 名前: cs:ns:dev ルール: -apiGroups: [""] リソース: ["pods", "pods/attach", "pods/exec", "pods/portforward", "pods/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["configmaps" 、"endpoints" 、"persistentvolumeclaims" 、"replicationcontrollers" 、"replicationcontrollers/scale" 、"secrets" 、"serviceaccounts" 、"services" 、"services/proxy"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: [""] リソース: ["events", "replicationcontrollers/status", "pods/log", "pods/status"] 動詞: ["get", "list", "watch"] -apiGroups: ["apps"] リソース: ["daemonsets" 、"deployments" 、"deployments/rollback" 、"deployments/scale" 、"replicasets" 、"replicasets/scale" 、"statefulsets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["autoscaling"] リソース: ["horizontalpodautoscalers"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["batch"] リソース: ["cronjobs", "jobs"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["extensions"] リソース: ["daemonsets", "deployments", "deployments/rollback", "deployments/scale", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["networking.k8s.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterserviceclasses", "clusterserviceplans", "clusterserviceplans", "clusterservicebrokers", "serviceinstances", "servicebindings"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterservicebrokers/status", "clusterserviceclasses/status", "clusterserviceplans/status", "serviceinstances/status", "serviceinstances/reference", "servicebindings/status",] 動詞: ["update"] -apiGroups: ["alicloud.com"] リソース: ["*"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -apiGroups: ["policy"] リソース: ["poddisruptionbudgets"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["networking.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["config.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["rbac.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["istio.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["authentication.istio.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["log.alibabacloud.com"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["monitoring.kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["kiali.io"] リソース: ["*"] verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"] -apiGroups: ["apiextensions.k8s.io"] リソース: ["customresourcedefinitions"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["serving.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["messaging.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["sources.eventing.knative.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["tekton.de v"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] -apiGroups: ["alert.alibabacloud.com"] リソース: ["*"] verbs: ["get", "list", "create", "watch", "patch", "update", "delete", "deletecollection"] - 名前空間固有の制限付きユーザーロールcsのClusterRoleテンプレート: ns:restricted
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole メタデータ: 名前: cs:ns:restricted ルール: -apiGroups: [""] リソース: ["pods" 、"configmaps" 、"endpoints" 、"persistentvolumeclaims" 、"replicationcontrollers" 、"replicationcontrollers/scale" 、"secrets" 、"serviceaccounts" 、"services" 、"services/proxy"] 動詞: ["get", "list", "watch"] -apiGroups: [""] リソース: ["events", "replicationcontrollers/status", "pods/log", "pods/status"] 動詞: ["get", "list", "watch"] -apiGroups: ["apps"] リソース: ["daemonsets" 、"deployments" 、"deployments/rollback" 、"deployments/scale" 、"replicasets" 、"replicasets/scale" 、"statefulsets"] 動詞: ["get", "list", "watch"] -apiGroups: ["autoscaling"] リソース: ["horizontalpodautoscalers"] 動詞: ["get", "list", "watch"] -apiGroups: ["batch"] リソース: ["cronjobs", "jobs"] 動詞: ["get", "list", "watch"] -apiGroups: ["extensions"] リソース: ["daemonsets", "deployments", "deployments/rollback", "deployments/scale", "ingresses", "replicasets", "replicasets/scale", "replicationcontrollers/scale"] 動詞: ["get", "list", "watch"] -apiGroups: ["networking.k8s.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["servicecatalog.k8s.io"] リソース: ["clusterserviceclasses", "clusterserviceplans", "clusterserviceplans", "clusterservicebrokers", "serviceinstances", "servicebindings"] 動詞: ["get", "list", "watch"] -apiGroups: ["alicloud.com"] リソース: ["*"] 動詞: ["get", "list"] -apiGroups: ["policy"] リソース: ["poddisruptionbudgets"] 動詞: ["get", "list"] -apiGroups: ["networking.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["config.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["rbac.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["istio.alibabacloud.com"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["authentication.istio.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["log.alibabacloud.com"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["monitoring.kiali.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["kiali.io"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["apiextensions.k8s.io"] リソース: ["customresourcedefinitions"] 動詞: ["get", "list", "watch"] -apiGroups: ["serving.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["eventing.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["messaging.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["sources.eventing.knative.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["tekton.de v"] リソース: ["*"] 動詞: ["get", "list", "watch"] -apiGroups: ["alert.alibabacloud.com"] リソース: ["*"] verbs: ["get", "list", "watch"]