Difference between revisions of "Kind: ClusterRole"
Jump to navigation
Jump to search
↑ https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1182188
(30 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
− | kind: ClusterRole | + | [[kind:]] ClusterRole |
− | apiVersion: rbac.authorization.k8s.io/v1 | + | [[apiVersion:]] [[rbac.authorization.k8s.io/v1]] |
metadata: | metadata: | ||
namespace: '*' | namespace: '*' | ||
name: pod-reader | name: pod-reader | ||
+ | [[rules:]] | ||
+ | - [[apiGroups:]] ["extensions", "apps", ""] | ||
+ | [[resources:]] ["pods"] | ||
+ | [[verbs:]] ["[[get]]", "[[list]]", "[[watch]]"] | ||
+ | |||
+ | Ref: https://stackoverflow.com/a/53524535 | ||
+ | |||
+ | {{cluster-read-only-role}} | ||
+ | |||
+ | |||
+ | apiVersion: [[rbac.authorization.k8s.io]]/v1 | ||
+ | kind: ClusterRole | ||
+ | metadata: | ||
+ | annotations: | ||
+ | [[rbac.authorization.kubernetes.io]]/autoupdate: "true" | ||
+ | name: view-aws | ||
rules: | rules: | ||
− | - apiGroups: | + | - apiGroups: |
− | resources: [ | + | - '*' |
− | + | resources: | |
+ | - nodes | ||
+ | - namespaces | ||
+ | - pods | ||
+ | - events | ||
+ | verbs: | ||
+ | - get | ||
+ | - list | ||
+ | - apiGroups: | ||
+ | - apps | ||
+ | resources: | ||
+ | - deployments | ||
+ | - daemonsets | ||
+ | - statefulsets | ||
+ | - replicasets | ||
+ | verbs: | ||
+ | - get | ||
+ | - list | ||
+ | - apiGroups: | ||
+ | - batch | ||
+ | resources: | ||
+ | - jobs | ||
+ | verbs: | ||
+ | - get | ||
+ | - list | ||
+ | * https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 | ||
+ | |||
+ | |||
+ | |||
+ | == [[K8s Cluster roles]] == | ||
+ | {{K8s roles TOC}} | ||
+ | |||
+ | == Related == | ||
+ | * <code>[[groups:]]</code> | ||
+ | * <code>[[kubectl get roles -A]]</code> | ||
+ | * <code>[[kubectl create clusterrole]]</code> | ||
+ | * <code>[[kubectl describe clusterrole]]</code> | ||
+ | * <code>[[kind: Role]]</code> | ||
+ | * <code>[[kind: Cluster]]</code> | ||
+ | * <code>[[kind: ClusterConfig]]</code> | ||
+ | * <code>[[aws-auth configMap]]</code> | ||
+ | * [[Terraform resource]]: [[kubernetes_cluster_role]] | ||
+ | |||
+ | == See also == | ||
+ | * {{Kubernetes roles}} | ||
+ | * {{Kubernetes RBAC}} | ||
+ | |||
+ | [[Category:K8s]] |
Latest revision as of 10:05, 2 November 2023
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: '*' name: pod-reader rules: - apiGroups: ["extensions", "apps", ""] resources: ["pods"] verbs: ["get", "list", "watch"] Ref: https://stackoverflow.com/a/53524535
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: cluster-read-only-role [1] rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get","watch","list"] - nonResourceURLs: - /metrics verbs: - get
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" name: view-aws rules: - apiGroups: - '*' resources: - nodes - namespaces - pods - events verbs: - get - list - apiGroups: - apps resources: - deployments - daemonsets - statefulsets - replicasets verbs: - get - list - apiGroups: - batch resources: - jobs verbs: - get - list
K8s Cluster roles[edit]
Related[edit]
groups:
kubectl get roles -A
kubectl create clusterrole
kubectl describe clusterrole
kind: Role
kind: Cluster
kind: ClusterConfig
aws-auth configMap
- Terraform resource: kubernetes_cluster_role
See also[edit]
- Kubernetes roles,
kubectl get [ roles | clusterroles | clusterrolebindings ], kubectl create rolebinding
, K8s Cluster roles - Kubernetes RBAC
kubectl auth, kubectl auth can-i, kubectl auth reconcile
kubectl create [ role | clusterrole | clusterrolebinding
|rolebinding | serviceaccount ], groups:
, Kubernetes RBAC good practices,kube2iam
, K8s Cluster roles,rbac.authorization.k8s.io
,system:
Advertising: