Kubernetes RBAC Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

List Cluster Roles

kubectl get clusterroles

Get Details about a Specific Cluster Role

kubectl -o yaml get clusterroles cluster-admin

List Cluster Role Bindings

kubectl get clusterrolebindings

Get Details about a Specific Cluster Role Binding

kubectl get clusterrolebindings cluster-admin -o yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2019-08-23T00:23:50Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "97"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin
  uid: 47d578f3-c53c-11e9-9b4b-06fd25eb2db2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters

Assigning a Cluster Role to a Service Account

kubectl apply -f

the following manifest: 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: blue-default-service-account-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: blue
Retrieved from "https://kb.novaordis.com/index.php?title=Kubernetes_RBAC_Operations&oldid=61532"