iProbe/Docs
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
Docs/CloudNative/Kubernetes/Base/Role和ClusterRole.md
iProbe ba848e218d first commit
2022-10-18 16:59:37 +08:00

47 lines
No EOL
969 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

```
## role用于某个namespace
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] #"" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]
```
```
## clusterrole用于集群级资源或非资源类的api或者多个namespace
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# "namespace" omitted since ClusterRoles are not namespaced
name: secret-reader
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch", "list"]
```
```
# RoleBinding 示例(引用 Role
# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
namespace: default
subjects:
- kind: User
name: jane
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io
```
```
```
Reference in a new issue View git blame Copy permalink