Difference between revisions of "Kind: ClusterRole"

 
(30 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
  
  kind: ClusterRole
+
  [[kind:]] ClusterRole
  apiVersion: rbac.authorization.k8s.io/v1
+
  [[apiVersion:]] [[rbac.authorization.k8s.io/v1]]
 
  metadata:
 
  metadata:
 
   namespace: '*'
 
   namespace: '*'
 
   name: pod-reader
 
   name: pod-reader
 +
[[rules:]]
 +
- [[apiGroups:]] ["extensions", "apps", ""]
 +
  [[resources:]] ["pods"]
 +
  [[verbs:]] ["[[get]]", "[[list]]", "[[watch]]"]
 +
 +
Ref: https://stackoverflow.com/a/53524535
 +
 +
{{cluster-read-only-role}}
 +
 +
 +
apiVersion: [[rbac.authorization.k8s.io]]/v1
 +
kind: ClusterRole
 +
metadata:
 +
  annotations:
 +
    [[rbac.authorization.kubernetes.io]]/autoupdate: "true"
 +
  name: view-aws
 
  rules:
 
  rules:
  - apiGroups: ["extensions", "apps", ""]
+
  - apiGroups:
   resources: ["pods"]
+
  - '*'
  verbs: ["get", "list", "watch"]
+
  resources:
 +
  - nodes
 +
  - namespaces
 +
  - pods
 +
  - events
 +
  verbs:
 +
  - get
 +
  - list
 +
- apiGroups:
 +
  - apps
 +
   resources:
 +
  - deployments
 +
  - daemonsets
 +
  - statefulsets
 +
  - replicasets
 +
  verbs:
 +
  - get
 +
  - list
 +
- apiGroups:
 +
  - batch
 +
  resources:
 +
  - jobs
 +
  verbs:
 +
  - get
 +
  - list
 +
* https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35
 +
 
 +
 
 +
 
 +
== [[K8s Cluster roles]] ==
 +
{{K8s roles TOC}}
 +
 
 +
== Related ==
 +
* <code>[[groups:]]</code>
 +
* <code>[[kubectl get roles -A]]</code>
 +
* <code>[[kubectl create clusterrole]]</code>
 +
* <code>[[kubectl describe clusterrole]]</code>
 +
* <code>[[kind: Role]]</code>
 +
* <code>[[kind: Cluster]]</code>
 +
* <code>[[kind: ClusterConfig]]</code>
 +
* <code>[[aws-auth configMap]]</code>
 +
* [[Terraform resource]]: [[kubernetes_cluster_role]]
 +
 
 +
== See also ==
 +
* {{Kubernetes roles}}
 +
* {{Kubernetes RBAC}}
 +
 
 +
[[Category:K8s]]
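Review bot: The added `{{cluster-read-only-role}}` transclusion shows a role whose first rule is `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["get","watch","list"]` (as rendered in the latest revision), and the page never says that this read access includes Secrets in every namespace. I would add one sentence under the template, for example `Note: get/list/watch on all resources includes Secrets, so bind this role only to subjects that are allowed to read every credential stored in the cluster.` The unchanged `namespace: '*'` line in the pod-reader metadata is also worth dropping in a follow-up, because a ClusterRole is cluster-scoped and takes no namespace.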

Latest revision as of 10:05, 2 November 2023

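# ClusterRole that grants read-only access to Pods.
# A ClusterRole is cluster-scoped, so its metadata carries no namespace.
# The reach of the grant is set by the binding: a ClusterRoleBinding applies
# it in every namespace, a RoleBinding only in that binding's namespace.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pod-reader
rules:
# Pods are served by the core API group (""), so that is the only group
# listed. Subresources such as pods/log and pods/exec are separate RBAC
# resources and are not granted by this rule.
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]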

Ref: https://stackoverflow.com/a/53524535
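 # Cluster-wide read-only role: get/watch/list on every resource in every
 # API group, plus GET on the /metrics endpoint.
 # CAUTION: "every resource" includes Secrets, so a subject bound to this
 # role can read every credential stored in the cluster. Bind it only to
 # subjects that are meant to have that access, or list the readable
 # resources explicitly (RBAC has no deny rule to carve Secrets out).
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: cluster-read-only-role  # footnote [1] on the page, not part of the name
 rules:
 - apiGroups: ["*"]
   resources: ["*"]
   verbs: ["get", "watch", "list"]
 # nonResourceURLs rules take effect only when the role is bound with a
 # ClusterRoleBinding.
 - nonResourceURLs:
   - /metrics
   verbs:
   - get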


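# Read-only ClusterRole "view-aws": get/list on nodes, namespaces, pods,
# events, the apps workload controllers and batch jobs. It grants no access
# to Secrets or ConfigMaps and no watch verb.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    # NOTE(review): autoupdate is the annotation the API server consults when
    # reconciling its own default roles; confirm it is wanted on a custom role.
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: view-aws
rules:
# The '*' group matches these resource names in every API group, not only
# the core group; for example, metrics.k8s.io also serves "pods" and "nodes".
- apiGroups:
  - '*'
  resources:
  - nodes
  - namespaces
  - pods
  - events
  verbs:
  - get
  - list
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - statefulsets
  - replicasets
  verbs:
  - get
  - list
# The list item below sits at the same indent as its "apiGroups" key, like
# the other rules; the one-space indent it had before does not parse.
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - get
  - list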


K8s Cluster roles[edit]

Related[edit]

See also[edit]

  • https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1182188