k8s系列--role绑定和cluster绑定(17)
将default命名空间的 pod-reader Role赋予jane,此后jane用户在default命名空间中将具有pod-reader的权限kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1betal
metadata:
name: read-pods
namespace: default
subjects:
- kind: User
name: jane
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io
kind: Role
apiVersion: rbac.authorization.k8s.io/v1betal
metadata:
namespace: default
name: pod-and-pod-logs-reader
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list"]
浙公网安备 33010602011771号