Difference between revisions of "System:"
↑ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects
(4 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
[[system:]] | [[system:]] | ||
− | system:controller: | + | [[system:controller:]] |
[[system:serviceaccount:]] | [[system:serviceaccount:]] | ||
+ | |||
+ | * Referring to [[subjects]]<ref>https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects</ref> | ||
+ | The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames. | ||
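Review bot: The added paragraph about the reserved system: prefix sits outside the bullet that carries the <ref>, so the sentence has no citation of its own and reads as this wiki's wording. Move the <ref> to the end of that paragraph, or mark the paragraph as a quotation from the linked RBAC page. The two mentions of system: in that paragraph are also plain text, while the list entries lower on the page use <code>[[...]]</code>; wrapping them the same way would keep the prefix, including its trailing colon, unambiguous.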
Line 80: | Line 83: | ||
* <code>[[groups:]]</code> | * <code>[[groups:]]</code> | ||
* <code>[[kubectl get clusterroles]]</code> | * <code>[[kubectl get clusterroles]]</code> | ||
+ | * <code>[[rbac.authorization.k8s.io]]</code> | ||
== See also == | == See also == |
Latest revision as of 11:20, 20 December 2023
system: system:controller: system:serviceaccount:
The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.
kubectl get clusterroles | grep system
system:bootstrappers system:node system:nodes system:node-proxier
system:masters system:anonymous system:unauthenticated
system:serviceaccount system:serviceaccounts system:kube-scheduler system:kube-dns system:volume-scheduler system:kube-controller-manager system:basic-user system:dyscover
eks:
kube-system system::leader-locking-kube-controller-manager 2022-07-06T13:16:03Z
kube-system system::leader-locking-kube-scheduler 2022-07-06T13:16:03Z
system:controller:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles
system:controller:attachdetach-controller
system:controller:certificate-controller
system:controller:clusterrole-aggregation-controller
system:controller:cronjob-controller
system:controller:daemon-set-controller
system:controller:deployment-controller
system:controller:disruption-controller
system:controller:endpoint-controller
system:controller:expand-controller
system:controller:generic-garbage-collector
system:controller:horizontal-pod-autoscaler
system:controller:job-controller
system:controller:namespace-controller
system:controller:node-controller
system:controller:persistent-volume-binder
system:controller:pod-garbage-collector
system:controller:pv-protection-controller
system:controller:pvc-protection-controller
system:controller:replicaset-controller
system:controller:replication-controller
system:controller:resourcequota-controller
system:controller:root-ca-cert-publisher
system:controller:route-controller
system:controller:service-account-controller
system:controller:service-controller
system:controller:statefulset-controller
system:controller:ttl-controller
ClusterRole
Activities
Related
- eksctl create iamidentitymapping
- kind: ClusterRole
- Terraform EKS module: manage_aws_auth_configmap, aws_auth_roles, aws_auth_users
- aws-auth ConfigMap
- groups:
- kubectl get clusterroles
- rbac.authorization.k8s.io
See also
- system:, system:masters, system:controller:, system:anonymous, system:serviceaccount:, system:serviceaccounts:, system:bootstrappers, system:node, system:nodes, kubectl get clusterroles, rbac.authorization.k8s.io, system:
- Kubernetes RBAC, kubectl auth, kubectl auth can-i, kubectl auth reconcile, kubectl create [ role | clusterrole | clusterrolebinding | rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices, kube2iam, K8s Cluster roles, rbac.authorization.k8s.io, system:
- Kubernetes API Server, kube-apiserver, system:bootstrappers, --event-ttl, snap info kube-apiserver