Kubernetes RBAC Operations: Difference between revisions
Jump to navigation
Jump to search
| Line 43: | Line 43: | ||
=Assigning a Cluster Role to a Service Account= | =Assigning a Cluster Role to a Service Account= | ||
kubectl apply -f | |||
the following manifest: | |||
apiVersion: rbac.authorization.k8s.io/v1 | |||
kind: ClusterRoleBinding | |||
metadata: | |||
name: blue-default-service-account-cluster-admin | |||
roleRef: | |||
apiGroup: rbac.authorization.k8s.io | |||
kind: ClusterRole | |||
name: cluster-admin | |||
subjects: | |||
- kind: ServiceAccount | |||
name: default | |||
namespace: blue | |||
Revision as of 22:26, 11 September 2019
Internal
List Cluster Roles
kubectl get clusterroles
Get Details about a Specific Cluster Role
kubectl -o yaml get clusterroles cluster-admin
List Cluster Role Bindings
kubectl get clusterrolebindings
Get Details about a Specific Cluster Role Binding
kubectl get clusterrolebindings cluster-admin -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
creationTimestamp: "2019-08-23T00:23:50Z"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: cluster-admin
resourceVersion: "97"
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin
uid: 47d578f3-c53c-11e9-9b4b-06fd25eb2db2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:masters
Assigning a Cluster Role to a Service Account
kubectl apply -f
the following manifest:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: blue-default-service-account-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: blue