Kubernetes RBAC

南楼画角, submitted 2021-02-10 17:45:53

Role:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: gauss
  name: gauss-op
rules:
# Every verb on every resource in every API group, limited to the gauss namespace.
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]

RoleBinding:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: bach-gauss-rb
  namespace: gauss
# Grants the gauss-op Role to the bach-gauss ServiceAccount inside the gauss namespace.
subjects:
- kind: ServiceAccount
  name: bach-gauss
roleRef:
  kind: Role
  name: gauss-op
  apiGroup: rbac.authorization.k8s.io

ClusterRole:

# Stable RBAC API version, matching the Role and RoleBinding above.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-read-all
rules:
  # Read-only access (get/watch/list) to the listed resources; the list includes secrets.
  - apiGroups:
      - ""
      - apps
      - autoscaling
      - batch
      - extensions
      - policy
      - rbac.authorization.k8s.io
    resources:
      - componentstatuses
      - configmaps
      - daemonsets
      - deployments
      - events
      - endpoints
      - horizontalpodautoscalers
      - ingress
      - jobs
      - limitranges
      - namespaces
      - nodes
      - pods
      - persistentvolumes
      - persistentvolumeclaims
      - resourcequotas
      - replicasets
      - replicationcontrollers
      - serviceaccounts
      - services
      - secrets
      - ingresses
      - statefulsets
    verbs:
      - get
      - watch
      - list
  # Read access to all non-resource URL paths.
  - nonResourceURLs: ["*"]
    verbs:
      - get
      - watch
      - list

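ClusterRoleBinding:

kind: ClusterRoleBinding
# Stable RBAC API version, matching the Role and RoleBinding above.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-secrets-global
# Grants cluster-read-all across all namespaces to the kubernetes-dashboard ServiceAccount.
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-read-all
  apiGroup: rbac.authorization.k8s.io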
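The following Python sketch is an added example, not part of the original post. It resolves the two bindings above to their roles and reports what each ServiceAccount can actually do. The manifests are copied in as Python dicts with the ClusterRole's group and resource lists abridged; `findings_for` and `audit` are hypothetical helper names.

```python
# Added example: map each bound subject to its rules and flag broad grants.
# Data is an abridged copy of this page's manifests, written as Python dicts.
ROLES = {
    ("Role", "gauss", "gauss-op"): [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    ("ClusterRole", None, "cluster-read-all"): [
        {"apiGroups": ["", "apps", "batch"],
         "resources": ["configmaps", "pods", "secrets", "serviceaccounts"],
         "verbs": ["get", "watch", "list"]},
        {"nonResourceURLs": ["*"], "verbs": ["get", "watch", "list"]}],
}
BINDINGS = [
    {"kind": "RoleBinding", "name": "bach-gauss-rb", "namespace": "gauss",
     "subjects": [{"kind": "ServiceAccount", "name": "bach-gauss"}],
     "roleRef": {"kind": "Role", "name": "gauss-op"}},
    {"kind": "ClusterRoleBinding", "name": "read-secrets-global", "namespace": None,
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}],
     "roleRef": {"kind": "ClusterRole", "name": "cluster-read-all"}},
]

def findings_for(rule, scope):
    """Return human-readable findings for one RBAC rule."""
    resources, verbs = set(rule.get("resources", [])), set(rule.get("verbs", []))
    out = []
    if "*" in verbs and "*" in resources:
        out.append(f"wildcard verbs on wildcard resources ({scope})")
    if resources & {"secrets", "*"} and verbs & {"get", "list", "watch", "*"}:
        out.append(f"can read secrets ({scope})")
    return out

def audit(roles=ROLES, bindings=BINDINGS):
    """Resolve every binding to its role and collect findings per subject."""
    report = {}
    for b in bindings:
        ref = b["roleRef"]
        # A Role is looked up in the binding's namespace; a ClusterRole has none.
        role_ns = b["namespace"] if ref["kind"] == "Role" else None
        rules = roles.get((ref["kind"], role_ns, ref["name"]), [])
        # A RoleBinding grants inside its namespace, a ClusterRoleBinding everywhere.
        scope = (f"namespace {b['namespace']}" if b["kind"] == "RoleBinding"
                 else "cluster-wide")
        for s in b["subjects"]:
            # Assumption: a ServiceAccount subject with no namespace resolves
            # to the namespace of the RoleBinding that names it.
            ns = s.get("namespace") or b["namespace"]
            key = f"system:serviceaccount:{ns}:{s['name']}"
            for rule in rules:
                report.setdefault(key, []).extend(findings_for(rule, scope))
    return report

if __name__ == "__main__":
    for subject, issues in audit().items():
        print(subject, "->", issues)
```

The scope in each finding comes from the binding kind, not the role kind: the same `cluster-read-all` ClusterRole referenced from a RoleBinding would be reported as namespace-scoped.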

 

 
