# RBAC objects scoped to the "demo" namespace.
#
# ServiceAccount: declares the identity only. Any RBAC permissions come from
# RoleBindings/ClusterRoleBindings that list it (or one of its groups) as a
# subject.
# NOTE(review): no binding visible in this file names "pre-admin" as a
# subject - confirm where this account is actually granted access.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: demo
  name: pre-admin
---
# Role: namespaced permission set for "demo".
#
# NOTE(review): the name suggests pod read/write, but the single rule below
# uses wildcards for both resources and verbs, so it grants every verb on
# every core-group resource (and subresource) in this namespace, including
# secrets, configmaps and serviceaccounts. A subject bound to this Role is in
# effect an administrator of the namespace's core resources. If only pod
# access is intended, list the resources and verbs explicitly instead of "*";
# otherwise rename the Role so that audits are not misled.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pods-reader-writer
  namespace: demo
rules:
  - apiGroups:
      - ""  # "" indicates the core API group
    resources:
      - "*"
    verbs:
      - "*"
---
# RoleBinding: attaches the Role "pods-reader-writer" to its subjects inside
# the "demo" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: demo
  name: pods-reader-writer
subjects:
  # kind may be User, Group or ServiceAccount.
  # NOTE(review): the subject is "demo-pods-admin", while the ServiceAccount
  # declared in this file is "pre-admin". RBAC does not check that a subject
  # exists, so this binding is accepted as written and applies to whichever
  # ServiceAccount in "demo" carries this name - confirm that is intended.
  - kind: ServiceAccount
    namespace: demo
    name: demo-pods-admin
roleRef:
  # kind may be Role or ClusterRole; when a RoleBinding references a
  # ClusterRole, the granted permissions are still limited to the
  # RoleBinding's own namespace.
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pods-reader-writer