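====== Kubernetes: RBAC включение на namespace ======

Создадим namespace auchan-ecom, доступ к которому будем разрешать пользователю artur:

# kubectl create namespace auchan-ecom

//Как создавать пользователя [[https://fatalex.cifro.netdoku.php/devops/k8s/k8s_dostup_sertificate/|было описано тут]].//

Создаём файл с описанием role и rolebinding — 01.yaml следующего содержания:

---
# Role: permissions for user "artur", valid only inside namespace
# auchan-ecom. A Role is namespaced and grants nothing outside it.
# After applying, check the effective permissions with:
#   kubectl auth can-i --list --as=artur --namespace=auchan-ecom
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  # namespace the restrictions apply to
  namespace: auchan-ecom
  name: artur-role
rules:
  # NOTE(review): `create` on pods (and on the workload kinds below) lets
  # the holder start a pod under any ServiceAccount of this namespace and
  # mount any Secret or ConfigMap in it, although secrets are not listed
  # here. Enforce a Pod Security Standard on the namespace (label
  # pod-security.kubernetes.io/enforce) so such pods cannot be privileged
  # or use host paths.
  # "" indicates the core API group
  - apiGroups: [""]
    resources: ["pods", "services", "replicationcontrollers"]
    verbs: ["create", "get", "update", "list", "delete"]
  # Read container logs (kubectl logs).
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "list"]
  # `create` on pods/exec allows running commands inside every pod of the
  # namespace (kubectl exec), which includes reading any credentials those
  # containers hold. Drop this rule if log access is enough.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
  # Verbs must be API request verbs (get, list, watch, create, update,
  # patch, delete, deletecollection); a name such as "deploy" matches no
  # request and grants nothing, so it is not listed.
  - apiGroups: ["apps"]
    resources: ["deployments", "daemonsets", "replicasets", "statefulsets"]
    verbs: ["create", "get", "update", "patch", "list", "delete"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["create", "get", "update", "list", "delete"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["create", "get", "update", "list", "delete"]
  # NOTE(review): no rule grants `watch`, and `patch` is granted only on
  # the apps resources. `kubectl get -w` and `kubectl rollout status` need
  # watch, and `kubectl apply` on an existing object sends a PATCH. Add
  # these verbs only where the user needs them.
---
# RoleBinding: attaches artur-role to the user name "artur" in auchan-ecom.
# Kubernetes has no User object; the name must equal the username reported
# by the API server's authenticator (presumably the client certificate CN
# from the linked article; confirm).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: artur-rb
  namespace: auchan-ecom
subjects:
  - kind: User
    name: artur
    apiGroup: rbac.authorization.k8s.io
# roleRef cannot be changed after creation; to bind another role, delete
# the binding and create it again.
roleRef:
  kind: Role
  name: artur-role
  apiGroup: rbac.authorization.k8s.io

Создаем роли и биндинги в кубернетес.

# kubectl apply -f 01.yaml

Всё.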