Completek8s Classroomnotes 14/Sep/2023

Aggregating RBAC Rules

  • Existing ClusterRoles can be aggregated into a new ClusterRole, which avoids having to define the same set of rules again
  • Let's create a ClusterRole for listing pods
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: list-pods
  labels:
    rbac-list-pods: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - list
  • Let's create a ClusterRole for deleting services
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: delete-services
  labels:
    rbac-delete-services: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - delete
  • Now we can aggregate, i.e. combine, both sets of rules while composing a new ClusterRole, aggr-sample, which selects the two ClusterRoles above by their labels
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: aggr-sample
aggregationRule:
  clusterRoleSelectors:
    - matchLabels:
        rbac-list-pods: "true"
    - matchLabels:
        rbac-delete-services: "true"
rules: [] # left empty: the control plane fills in the rules from the selected ClusterRoles
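
How the aggregation above resolves, as an added example (not part of the original notes): a simplified Python model of the selection logic that handles matchLabels only. It assumes delete-services grants delete on services, as its name says; read-secrets is a hypothetical third role that reuses one of the labels, which shows why labels on ClusterRoles are worth auditing.

```python
# Simplified model of ClusterRole aggregation (matchLabels only).
# All role definitions below are constructed sample data.

def selector_matches(selector, labels):
    """A matchLabels selector matches when every key/value pair is present."""
    return all(labels.get(k) == v for k, v in selector["matchLabels"].items())

def contributing_roles(aggregate, cluster_roles):
    """Names of ClusterRoles matched by ANY clusterRoleSelector (selectors are ORed)."""
    selectors = aggregate["aggregationRule"]["clusterRoleSelectors"]
    return sorted(
        r["metadata"]["name"] for r in cluster_roles
        if r["metadata"]["name"] != aggregate["metadata"]["name"]  # skip the aggregate itself
        and any(selector_matches(s, r["metadata"].get("labels", {})) for s in selectors)
    )

def effective_rules(aggregate, cluster_roles):
    """Union of the contributing roles' rules; the aggregate's own rules field is ignored."""
    names = set(contributing_roles(aggregate, cluster_roles))
    rules = []
    for r in cluster_roles:
        if r["metadata"]["name"] in names:
            rules.extend(rule for rule in r.get("rules", []) if rule not in rules)
    return rules

def role(name, labels, resources, verbs):
    """Build a minimal ClusterRole dict with one rule in the core API group."""
    return {"metadata": {"name": name, "labels": labels},
            "rules": [{"apiGroups": [""], "resources": resources, "verbs": verbs}]}

LIST_PODS = role("list-pods", {"rbac-list-pods": "true"}, ["pods"], ["list"])
DELETE_SERVICES = role("delete-services", {"rbac-delete-services": "true"}, ["services"], ["delete"])
# Hypothetical extra role: it carries a selected label, so it is aggregated too.
READ_SECRETS = role("read-secrets", {"rbac-list-pods": "true"}, ["secrets"], ["get"])

AGGR_SAMPLE = {
    "metadata": {"name": "aggr-sample"},
    "aggregationRule": {"clusterRoleSelectors": [
        {"matchLabels": {"rbac-list-pods": "true"}},
        {"matchLabels": {"rbac-delete-services": "true"}},
    ]},
    "rules": [],
}

if __name__ == "__main__":
    for roles in ([LIST_PODS, DELETE_SERVICES], [LIST_PODS, DELETE_SERVICES, READ_SECRETS]):
        print(contributing_roles(AGGR_SAMPLE, roles))
        print(effective_rules(AGGR_SAMPLE, roles))
```

On a real cluster, the same review is done by listing ClusterRoles with the selected labels and comparing the result against the roles you expect to contribute.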

Exercise

  • Create a user called <yourname>
  • Create a RoleBinding with a Role to view anything
  • Install kubectl on your laptop and try to view pods (get, watch, list)

Workloads in Kubernetes

  • Overview

By continuous learner

devops & cloud enthusiastic learner
