first commit

2022-10-18 16:59:37 +08:00 · 2022-10-18 16:59:37 +08:00 · ba848e218d
commit ba848e218d
1001 changed files with 152333 additions and 0 deletions
--- a/CloudNative/Kubernetes/Base/Role和ClusterRole.md
+++ b/CloudNative/Kubernetes/Base/Role和ClusterRole.md
@ -0,0 +1,47 @@
+```
+## role用于某个namespace
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: default
+  name: pod-reader
+rules:
+- apiGroups: [""] #"" indicates the core API group
+  resources: ["pods"]
+  verbs: ["get", "watch", "list"]
+```
+
+```
+## clusterrole用于集群级资源或非资源类的api或者多个namespace
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  # "namespace" omitted since ClusterRoles are not namespaced
+  name: secret-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "watch", "list"]
+```
+
+```
+# RoleBinding 示例（引用 Role）
+# This role binding allows "jane" to read pods in the "default" namespace.
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: read-pods
+  namespace: default
+subjects:
+- kind: User
+  name: jane
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: pod-reader
+  apiGroup: rbac.authorization.k8s.io
+```
+
+```
+
+```