Difference between revisions of "Kind: ClusterRole"

Latest revision as of 10:05, 2 November 2023

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: '*'
  name: pod-reader
rules:
- apiGroups: ["extensions", "apps", ""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

Ref: https://stackoverflow.com/a/53524535

 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-read-only-role ^[1]
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["get","watch","list"]
- nonResourceURLs:
  - /metrics
  verbs:
  - get

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: view-aws
rules:
- apiGroups:
  - '*'
  resources:
  - nodes
  - namespaces
  - pods
  - events
  verbs:
  - get
  - list
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - statefulsets
  - replicasets
  verbs:
  - get
  - list
- apiGroups:
 - batch
  resources:
  - jobs
  verbs:
  - get
  - list

https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35

K8s Cluster roles[edit]

cluster-admin
admin
edit
view (kubectl describe clusterrole view)

Related[edit]

groups:
kubectl get roles -A
kubectl create clusterrole
kubectl describe clusterrole
kind: Role
kind: Cluster
kind: ClusterConfig
aws-auth configMap
Terraform resource: kubernetes_cluster_role

See also[edit]

Kubernetes roles, kubectl get [ roles | clusterroles | clusterrolebindings ], kubectl create rolebinding, K8s Cluster roles
Kubernetes RBAC kubectl auth, kubectl auth can-i, kubectl auth reconcile kubectl create [ role | clusterrole | clusterrolebinding | rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices, kube2iam, K8s Cluster roles, rbac.authorization.k8s.io, system:

↑ https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1182188

[1]

Difference between revisions of "Kind: ClusterRole"

Latest revision as of 10:05, 2 November 2023

K8s Cluster roles[edit]

Related[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

@@ Line 1: / Line 1: @@
 {{lc}}
-  kind: ClusterRole
+  [[kind:]] ClusterRole
-  apiVersion: rbac.authorization.k8s.io/v1
+  [[apiVersion:]] [[rbac.authorization.k8s.io/v1]]
   metadata:
     namespace: '*'
     name: pod-reader
-  rules:
+  [[rules:]]
-  - apiGroups: ["extensions", "apps", ""]
+  - [[apiGroups:]] ["extensions", "apps", ""]
-    resources: ["pods"]
+    [[resources:]] ["pods"]
-    verbs: ["get", "list", "watch"]
+    [[verbs:]] ["[[get]]", "[[list]]", "[[watch]]"]
   Ref: https://stackoverflow.com/a/53524535
+ {{cluster-read-only-role}}
+ apiVersion: [[rbac.authorization.k8s.io]]/v1
+ kind: ClusterRole
+ metadata:
+   annotations:
+     [[rbac.authorization.kubernetes.io]]/autoupdate: "true"
+   name: view-aws
+ rules:
+ - apiGroups:
+   - '*'
+   resources:
+   - nodes
+   - namespaces
+   - pods
+   - events
+   verbs:
+   - get
+   - list
+ - apiGroups:
+   - apps
+   resources:
+   - deployments
+   - daemonsets
+   - statefulsets
+   - replicasets
+   verbs:
+   - get
+   - list
+ - apiGroups:
+  - batch
+   resources:
+   - jobs
+   verbs:
+   - get
+   - list
+* https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35
+== [[K8s Cluster roles]] ==
+{{K8s roles TOC}}
+== Related ==
+* <code>[[groups:]]</code>
+* <code>[[kubectl get roles -A]]</code>
+* <code>[[kubectl create clusterrole]]</code>
+* <code>[[kubectl describe clusterrole]]</code>
+* <code>[[kind: Role]]</code>
+* <code>[[kind: Cluster]]</code>
+* <code>[[kind: ClusterConfig]]</code>
+* <code>[[aws-auth configMap]]</code>
+* [[Terraform resource]]: [[kubernetes_cluster_role]]
+== See also ==
+* {{Kubernetes roles}}
+* {{Kubernetes RBAC}}
-{{Kubernetes RBAC}}
+[[Category:K8s]]