Kubernetes kind: Role

Örnek

Elimizde şöyle bir Role olsun. Bu Role pods ve configmaps kaynaklarını watch, get vs yapabilir. Yani izleyebilir.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader
  labels:
    app: kubernetes-leader-election-example
    group: org.springframework.cloud
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - watch
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - watch
  - get
  - update
  # resourceNames:
  #   - <config-map name>

Bu Rolü kendime atarım

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app: kubernetes-leader-election-example
    group: org.springframework.cloud
  name: leader
roleRef:
  apiGroup: ""
  kind: Role
  name: leader
subjects:
- kind: ServiceAccount
  name: default
  apiGroup: ""