Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example of roles in K8S with RBAC
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: staging-node-user
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services", "services/proxy"]
verbs: ["proxy", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: staging-node-user-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: staging-node-user
subjects:
# Test user
- apiGroup: rbac.authorization.k8s.io
kind: User
name: test@jetthoughts.com
# Infrastructure team
- apiGroup: rbac.authorization.k8s.io
kind: User
name: ninja@jetthoughts.com
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: event-lister-user-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
# Test user
- apiGroup: rbac.authorization.k8s.io
kind: User
name: test@jetthoughts.com
# Infrastructure team
- apiGroup: rbac.authorization.k8s.io
kind: User
name: ninja@jetthoughts.com
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: project
name: dev
rules:
- apiGroups: [""]
resources: ["pods", "deployments", "jobs", "services", "configmaps"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["extensions", "apps", "autoscaling"]
resources: ["deployments", "horizontalpodautoscalers", "ingresses", "replicasets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get"]
- apiGroups: [""]
resources: ["pods/exec", "pods/attach"]
verbs: ["create", "delete"]
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: project
name: admin
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: project-dev-binding
namespace: project
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dev
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: john@jetthoughts.com
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: project-admin-binding
namespace: project
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: admin@jetthoughts.com
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment