Difference between revisions of "Kind: Role"
Jump to navigation
Jump to search
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
* <code>[[kind:]] Role</code> | * <code>[[kind:]] Role</code> | ||
+ | |||
+ | * https://archive.eksworkshop.com/beginner/090_rbac/create_role_and_binding/ | ||
+ | |||
+ | cat << EoF > rbacuser-role.yaml | ||
+ | kind: Role | ||
+ | apiVersion: [[rbac.authorization.k8s.io/v1]] | ||
+ | metadata: | ||
+ | namespace: rbac-test | ||
+ | name: pod-reader | ||
+ | rules: | ||
+ | - apiGroups: [""] # "" indicates the core API group | ||
+ | resources: ["pods"] | ||
+ | verbs: ["list","get","watch"] | ||
+ | - apiGroups: ["extensions","apps"] | ||
+ | resources: ["deployments"] | ||
+ | verbs: ["get", "list", "watch"] | ||
+ | EoF | ||
+ | |||
+ | |||
+ | https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-example | ||
== Related == | == Related == | ||
* <code>[[kind: ClusterRole]]</code> | * <code>[[kind: ClusterRole]]</code> | ||
− | * <code> | + | * <code>[[kind: RoleBinding]]</code> |
* <code>[[kind: ClusterRoleBinding]]</code> | * <code>[[kind: ClusterRoleBinding]]</code> | ||
Latest revision as of 11:18, 31 October 2023
kind: Role
cat << EoF > rbacuser-role.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: rbac-test name: pod-reader rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods"] verbs: ["list","get","watch"] - apiGroups: ["extensions","apps"] resources: ["deployments"] verbs: ["get", "list", "watch"] EoF
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-example
Related[edit]
See also[edit]
- Kubernetes roles,
kubectl get [ roles | clusterroles | clusterrolebindings ], kubectl create rolebinding
, K8s Cluster roles - Kubernetes RBAC
kubectl auth, kubectl auth can-i, kubectl auth reconcile
kubectl create [ role | clusterrole | clusterrolebinding
|rolebinding | serviceaccount ], groups:
, Kubernetes RBAC good practices,kube2iam
, K8s Cluster roles,rbac.authorization.k8s.io
,system:
Advertising: