Created
December 5, 2018 04:49
-
-
Save gupta-himanshu/0371cb82d5f16540c94487cd6b16b3bd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| # Create a role, `pod-reader`, that can list pods and | |
| # bind the default service account in the `default` namespace | |
| # to that role. | |
| # | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: pod-reader | |
| rules: | |
| - apiGroups: [""] # "" indicates the core API group | |
| resources: ["pods"] | |
| verbs: ["get", "watch", "list"] | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: read-pods | |
| subjects: | |
| # Note the `name` line below. The first default refers to the namespace. The second refers to the service account name. | |
| # For instance, `name: system:serviceaccount:myns:default` would refer to the default service account in namespace `myns` | |
| - kind: User | |
| name: system:serviceaccount:default:default | |
| roleRef: | |
| kind: Role | |
| name: pod-reader | |
| apiGroup: rbac.authorization.k8s.io |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment