Role and RoleBinding

A Role in Kubernetes contains a set of rules. Each rule grants permissions for certain operations on certain resources by specifying apiGroups, resources, and verbs. For example, the following Role defines a read-only rule for configmaps:

# cat role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: configmap-ro
rules:
- apiGroups: ["*"]
  resources: ["configmaps"]
  verbs: ["watch", "get", "list"]

A RoleBinding associates a Role with a list of accounts. The following example assigns the configmap-ro Role to a list of subjects, which in this case contains only the user linda:

# cat rolebinding.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: devops-role-binding
subjects:
- apiGroup: ""
  kind: User
  name: linda
roleRef:
  apiGroup: ""
  kind: Role
  name: configmap-ro

Role and RoleBinding are namespaced; their scope is limited to a single namespace. To access cluster-wide resources, we'll need ClusterRole and ClusterRoleBinding.

To set the namespace of a Role or RoleBinding, simply add a namespace field to the metadata in the configuration file.
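
The following added example (not from the book, and not Kubernetes' own authorizer code) is a simplified model of how the configmap-ro Role and devops-role-binding above are evaluated, showing the read-only verbs, the namespace scope, and the default deny. The namespace "default", the user "bob", and all function names are assumptions made for illustration.

```python
# Simplified model of RBAC rule matching; not the Kubernetes authorizer itself.
# Assumption: both objects live in "default" (the manifests omit a namespace).
ROLE = {
    "metadata": {"name": "configmap-ro", "namespace": "default"},
    "rules": [{"apiGroups": ["*"], "resources": ["configmaps"],
               "verbs": ["watch", "get", "list"]}],
}
BINDING = {
    "metadata": {"name": "devops-role-binding", "namespace": "default"},
    "subjects": [{"kind": "User", "name": "linda"}],
    "roleRef": {"kind": "Role", "name": "configmap-ro"},
}

def matches(allowed, value):
    """A rule field matches on an exact value or the "*" wildcard."""
    return "*" in allowed or value in allowed

def rule_allows(rule, api_group, resource, verb):
    """All three fields of a rule must match the request."""
    return (matches(rule["apiGroups"], api_group)
            and matches(rule["resources"], resource)
            and matches(rule["verbs"], verb))

def can_i(user, verb, resource, namespace, api_group="",
          roles=(ROLE,), bindings=(BINDING,)):
    """Return True if some RoleBinding in `namespace` grants the request."""
    for b in bindings:
        if b["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding grants nothing outside its namespace
        if not any(s["kind"] == "User" and s["name"] == user
                   for s in b["subjects"]):
            continue  # the user is not among the binding's subjects
        for r in roles:
            same_role = (r["metadata"]["name"] == b["roleRef"]["name"]
                         and r["metadata"]["namespace"] == namespace)
            if same_role and any(rule_allows(x, api_group, resource, verb)
                                 for x in r["rules"]):
                return True
    return False  # deny by default: no matching rule means no access

if __name__ == "__main__":
    # Constructed sample requests: (user, verb, resource, namespace)
    for req in [("linda", "get", "configmaps", "default"),
                ("linda", "delete", "configmaps", "default"),
                ("linda", "get", "configmaps", "kube-system"),
                ("bob", "list", "configmaps", "default")]:
        print(req, "->", "allow" if can_i(*req) else "deny")
```

Only the first request is allowed; the others fail on the verb, the namespace, and the subject respectively.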