k8s/apps/n8n/rbac.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: n8n-readonly
rules:
- apiGroups: [""]
  resources: 
    - pods
    - services
    - endpoints
    - persistentvolumeclaims
    - persistentvolumes
    - configmaps
    - secrets
    - nodes
    - namespaces
    - events
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources:
    - deployments
    - replicasets
    - statefulsets
    - daemonsets
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources:
    - ingresses
    - networkpolicies
  verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
  resources:
    - ingresses
  verbs: ["get", "list", "watch"]
- apiGroups: ["autoscaling"]
  resources:
    - horizontalpodautoscalers
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  resources:
    - jobs
    - cronjobs
  verbs: ["get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
  resources:
    - pods
    - nodes
  verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
  resources:
    - storageclasses
  verbs: ["get", "list", "watch"]
- apiGroups: ["policy"]
  resources:
    - poddisruptionbudgets
  verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: n8n-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: n8n-readonly
subjects:
- kind: ServiceAccount
  name: n8n-readonly
  namespace: n8n
Added RBAC 2026-02-05 12:15:47 +02:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: n8n-readonly`
			`rules:`
			`- apiGroups: [""]`
			`resources:`
			`- pods`
			`- services`
			`- endpoints`
			`- persistentvolumeclaims`
			`- persistentvolumes`
			`- configmaps`
			`- secrets`
			`- nodes`
			`- namespaces`
			`- events`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["apps"]`
			`resources:`
			`- deployments`
			`- replicasets`
			`- statefulsets`
			`- daemonsets`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["networking.k8s.io"]`
			`resources:`
			`- ingresses`
			`- networkpolicies`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["extensions"]`
			`resources:`
			`- ingresses`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["autoscaling"]`
			`resources:`
			`- horizontalpodautoscalers`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["batch"]`
			`resources:`
			`- jobs`
			`- cronjobs`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["metrics.k8s.io"]`
			`resources:`
			`- pods`
			`- nodes`
			`verbs: ["get", "list"]`
			`- apiGroups: ["storage.k8s.io"]`
			`resources:`
			`- storageclasses`
			`verbs: ["get", "list", "watch"]`
			`- apiGroups: ["policy"]`
			`resources:`
			`- poddisruptionbudgets`
			`verbs: ["get", "list", "watch"]`

			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
			`name: n8n-readonly`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: n8n-readonly`
			`subjects:`
			`- kind: ServiceAccount`
			`name: n8n-readonly`
			`namespace: n8n`