Created
January 15, 2019 16:56
Kubernetes RBAC role, service account, and role binding for no access to in-cluster Kubernetes API
import * as k8s from "@kubernetes/client-node"; | |
import { DeepPartial } from "ts-essentials"; | |
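/**
 * Service account for workloads that must not talk to the in-cluster
 * Kubernetes API.
 *
 * The object is a partial spec: no namespace is set here, so the caller has
 * to supply one (or rely on the client's default) when creating it.
 */
const serviceAccount: DeepPartial<k8s.V1ServiceAccount> = {
    apiVersion: "v1",
    kind: "ServiceAccount",
    // RBAC only decides what an authenticated token may do; without this flag
    // pods using the account still get its API token mounted. Turning the
    // automount off keeps the credential out of the container altogether.
    // A pod spec can still override this with its own automount setting.
    automountServiceAccountToken: false,
    metadata: {
        name: "noaccess",
    },
};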
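/**
 * Namespaced role "noaccess" with an empty rule list.
 *
 * RBAC is purely additive, so an empty role grants nothing; it cannot take
 * permissions away. Anything bound to the groups every service account
 * belongs to (system:serviceaccounts, system:authenticated) still applies
 * to the bound account, so audit those bindings separately.
 */
const role: DeepPartial<k8s.V1Role> = {
    // Use the GA RBAC API, which is what the V1Role type models. The v1beta1
    // RBAC API was removed in Kubernetes 1.22 and is rejected by newer clusters.
    apiVersion: "rbac.authorization.k8s.io/v1",
    kind: "Role",
    metadata: {
        name: "noaccess",
    },
    rules: [],
};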
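/**
 * Binds the "noaccess" service account to the "noaccess" role.
 *
 * The binding exists so the account has an explicit, empty grant; because
 * the role has no rules it adds no permissions.
 */
const roleBinding: DeepPartial<k8s.V1RoleBinding> = {
    // Use the GA RBAC API, which is what the V1RoleBinding type models. The
    // v1beta1 RBAC API was removed in Kubernetes 1.22.
    apiVersion: "rbac.authorization.k8s.io/v1",
    kind: "RoleBinding",
    metadata: {
        name: "noaccess",
    },
    roleRef: {
        apiGroup: "rbac.authorization.k8s.io",
        kind: "Role",
        name: "noaccess",
    },
    subjects: [
        {
            kind: "ServiceAccount",
            name: "noaccess",
            // NOTE(review): no namespace is set in this partial. The API
            // server requires subjects[].namespace for ServiceAccount
            // subjects, so the caller presumably fills it in before the
            // binding is created - confirm at the call site.
        },
    ],
};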
Thanks @ddgenome. I assume I have to apply top down.