Kubernetes RBAC Operations: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 20: Line 20:


=Assigning a Cluster Role to a Service Account=
=Assigning a Cluster Role to a Service Account=
==Using Metadata==


  kubectl apply -f  
  kubectl apply -f  
Line 37: Line 39:
     name: default
     name: default
     namespace: blue
     namespace: blue
==Using CLI==
<syntaxhighlight lang='bash'>
kubectl create rolebinding -n <namespace> <role-binding-name> --clusterrole=<clusterrole-name> --serviceaccount=<namespace>:<serviceaccount-name>
kubectl create rolebinding -n blue edit-blue-serviceaccount-binding --clusterrole=edit --serviceaccount=blue:blue-serviceaccount
</syntaxhighlight>

Revision as of 05:28, 3 September 2020

Internal

List Cluster Roles

kubectl get clusterroles

Get Details about a Specific Cluster Role

kubectl -o yaml get clusterroles cluster-admin

List Cluster Role Bindings

kubectl get clusterrolebindings

Get Details about a Specific Cluster Role Binding

kubectl get clusterrolebindings cluster-admin -o yaml

Assigning a Cluster Role to a Service Account

Using Metadata

kubectl apply -f

the following manifest: 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: blue-default-service-account-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: blue

Using CLI

kubectl create rolebinding -n <namespace> <role-binding-name> --clusterrole=<clusterrole-name> --serviceaccount=<namespace>:<serviceaccount-name>
kubectl create rolebinding -n blue edit-blue-serviceaccount-binding --clusterrole=edit --serviceaccount=blue:blue-serviceaccount
Retrieved from "https://kb.novaordis.com/index.php?title=Kubernetes_RBAC_Operations&oldid=68449"