Difference between revisions of "System:"

From wikieduonline
Jump to navigation Jump to search
 
Line 5: Line 5:
 
  [[system:serviceaccount:]]
 
  [[system:serviceaccount:]]
  
* Referring to subjects <ref>https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects</ref>
+
* Referring to [[subjects]]<ref>https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects</ref>
 
The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.
 
The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.
  

Latest revision as of 11:20, 20 December 2023

system:
system:controller:
system:serviceaccount:

The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.


kubectl get clusterroles | grep system
system:bootstrappers
system:node
system:nodes
system:node-proxier
system:masters
system:anonymous
system:unauthenticated
system:serviceaccount
system:serviceaccounts
system:kube-scheduler
system:kube-dns
system:volume-scheduler
system:kube-controller-manager
system:basic-user
system:dyscover


eks:
kube-system                           system::leader-locking-kube-controller-manager   2022-07-06T13:16:03Z
kube-system                           system::leader-locking-kube-scheduler            2022-07-06T13:16:03Z


system:controller:[edit]

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles
system:controller:attachdetach-controller
system:controller:certificate-controller
system:controller:clusterrole-aggregation-controller
system:controller:cronjob-controller
system:controller:daemon-set-controller
system:controller:deployment-controller
system:controller:disruption-controller
system:controller:endpoint-controller
system:controller:expand-controller
system:controller:generic-garbage-collector
system:controller:horizontal-pod-autoscaler
system:controller:job-controller
system:controller:namespace-controller
system:controller:node-controller
system:controller:persistent-volume-binder
system:controller:pod-garbage-collector
system:controller:pv-protection-controller
system:controller:pvc-protection-controller
system:controller:replicaset-controller
system:controller:replication-controller
system:controller:resourcequota-controller
system:controller:root-ca-cert-publisher
system:controller:route-controller
system:controller:service-account-controller
system:controller:service-controller
system:controller:statefulset-controller
system:controller:ttl-controller

ClusterRole[edit]

Activities[edit]

Related[edit]

See also[edit]

  • https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects
  • Advertising: