Completek8s Classroomnotes 14/Sep/2023

Aggregating RBAC Rules

Existing ClusterRoles can be aggregated to avoid having to define a new set of Rules
Lets create a Cluster Role for listing pods

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: list-pods
  labels:
    rbac-list-pods: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - list

Lets create a ClusterRole for deleting service

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: delete-services
  labels:
    rbac-delete-services: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - list

Now we can aggregate i.e combine the both rules while composing a new Role aggr-sample

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: aggr-sample
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac-list-pods: "true"
    - matchLabels:
        rbac-delete-services: "true"
rules: []

Refer Here for specs written

Exercise

Create a user called as <yourname>
Create a Role binding with a Role to view anything
Install kubectl in your laptop and try to view pods get,watch,list

Workloads in Kubernetes

Overview

Aggregating RBAC Rules

Exercise

Workloads in Kubernetes

Like this:

Leave a ReplyCancel reply

About continuous learner

AWS Classroomnotes 14/Sep/2023

Azure Classroomnotes 15/Sep/2023

Aggregating RBAC Rules

Exercise

Workloads in Kubernetes

Share this:

Like this:

Leave a ReplyCancel reply

About continuous learner

AWS Classroomnotes 14/Sep/2023

Azure Classroomnotes 15/Sep/2023