Namespaced
```
kubectl api-resources --namespaced=true
```
Cluster Scoped
```
kubectl api-resources --namespaced=false
```
Cluster Role
Cluster Admin
- Can View Nodes
- Can Create Nodes
- Can Delete Nodes
Storage Admin
- Can View PVs
- Can Create PVs
- Can Delete PVCs
Cluster Role YAML
cluster-admin-role.yaml
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-administrator
rules:
  - apiGroups: [ "" ]
    resources: [ "nodes" ]
    verbs: [ "list", "get", "create", "delete" ]
```
```
kubectl create -f cluster-admin-role.yaml
```
Cluster Role Binding
Cluster Admin
- Can View Nodes
- Can Create Nodes
- Can Delete Nodes
Cluster Role Binding YAML
cluster-admin-role-binding.yaml
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-role-binding
subjects:
  - kind: User
    name: cluster-admin
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-administrator
  apiGroup: rbac.authorization.k8s.io
```
```
kubectl create -f cluster-admin-role-binding.yaml
```
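Verifying the binding (an added example, not part of the original notes): the script below uses `kubectl auth can-i` with impersonation to confirm that the user `cluster-admin` gets exactly the node verbs from the ClusterRole above and nothing else. The function names and the `RUN_CHECKS` switch are hypothetical; the "no" expectations assume the user has no other role bindings, and the caller needs permission to impersonate users.

```shell
#!/usr/bin/env bash
# Added example: check what the ClusterRoleBinding above really grants.
# Assumption: the caller may impersonate users (required for --as).

# can_i USER VERB RESOURCE -> prints "yes" or "no"
can_i() {
  local out
  # `kubectl auth can-i` exits non-zero on "no" and may append " - <reason>",
  # so ignore the exit status and keep only the first word of the answer.
  out=$(kubectl auth can-i "$2" "$3" --as "$1" </dev/null 2>/dev/null || true)
  out=${out%% *}
  if [ "$out" = "yes" ]; then echo yes; else echo no; fi
}

# verify_node_role USER -> one line per check; returns the number of mismatches
verify_node_role() {
  local user=$1 failures=0 verb resource expected actual
  while read -r verb resource expected; do
    actual=$(can_i "$user" "$verb" "$resource")
    if [ "$actual" = "$expected" ]; then
      echo "ok    $verb $resource -> $actual"
    else
      echo "FAIL  $verb $resource -> $actual (expected $expected)"
      failures=$((failures + 1))
    fi
  done <<'EOF'
list nodes yes
get nodes yes
create nodes yes
delete nodes yes
update nodes no
list pods no
list secrets no
create clusterrolebindings no
EOF
  return "$failures"
}

# Runs against the current kubectl context only when asked:
#   RUN_CHECKS=1 ./verify-node-role.sh
if [ "${RUN_CHECKS:-0}" = "1" ]; then
  verify_node_role cluster-admin
fi
```

A non-zero exit status means the user can do more, or less, than the role's four verbs on nodes; the negative checks catch a binding that accidentally points at a broader role.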