Elimizde şöyle bir Role olsun. Bu Role pods ve configmaps kaynaklarını watch, get vs yapabilir. Yani izleyebilir.
apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:name: leaderlabels:app: kubernetes-leader-election-examplegroup: org.springframework.cloudrules:- apiGroups:- ""resources:- podsverbs:- watch- get- apiGroups:- ""resources:- configmapsverbs:- watch- get- update# resourceNames:# - <config-map name>
Bu Rolü kendime atarım
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: app: kubernetes-leader-election-example group: org.springframework.cloud name: leader roleRef: apiGroup: "" kind: Role name: leader subjects: - kind: ServiceAccount name: default apiGroup: ""
Hiç yorum yok:
Yorum Gönder