wide open clusterole

Author: puckpuck

README.md

@@ -3,6 +3,15 @@
 A Daemonset that does nothing, but has all your network utilities ready to go, 
 so you can test workloads in your Kubernetes cluster.
 
+## Warning
+The ClusterRole used to set up this tool provides read access to **ALL** resources
+in your Kubernetes cluster. This isn't recommended for anything that even comes
+close to a production environment. Please know what the fuck you are doing before
+you deploy this thing blindly to your Kubernetes cluster.
+
+You are encouraged to modify the ClusterRole to restrict to specific resources
+before deploying.
+
 ## Utilities
 The image is based on [jonlabelle/network-tools](https://github.com/jonlabelle/docker-network-tools).
 Several utilities are installed including:

seashell.yaml

@@ -29,63 +29,9 @@ metadata:
   namespace: utils
 rules:
   - apiGroups:
-      - ""
+      - "*"
     resources:
-      - events
-      - namespaces
-      - namespaces/status
-      - nodes
-      - nodes/logs
-      - nodes/metrics
-      - nodes/proxy
-      - nodes/spec
-      - nodes/stats
-      - persistentvolumes
-      - persistentvolumeclaims
-      - pods
-      - pods/status
-      - replicationcontrollers
-      - replicationcontrollers/status
-      - resourcequotas
-      - services
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - apps
-    resources:
-      - daemonsets
-      - deployments
-      - replicasets
-      - statefulsets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - daemonsets
-      - deployments
-      - replicasets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-      - cronjobs
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - autoscaling
-    resources:
-      - horizontalpodautoscalers
+      - "*"
     verbs:
       - get
       - list
@@ -118,7 +64,6 @@ spec:
       containers:
         - name: seashell
           image: puckpuck/seashell:0.1
-          imagePullPolicy: IfNotPresent
           env:
             - name: NODE_NAME
               valueFrom: