ClusterRole 생성 후 ClusterRoleBinding 연결
조건
- clusterrole name : deployment-clusterrole
- clusterrole rules : deployment, statefulset, daemonset 에 대하여 생성권한
- clusterrole namespace : app-team1
- clusterrolebinding : serviceaccount ID 는 git
- clusterrolebinding namespace : dev
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: dev
name: deployment-clusterrole
rules:
- apiGroups: [""]
resources: ["Deployment", "StatefulSet", "DaemonSet"]
verbs: ["create"]apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: any-name
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: deployment-clusterrole
subjects:
- kind: ServiceAccount
name: git
namespace: dev
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
'k8s > CKA' 카테고리의 다른 글
| [연습]6. Pod run with env (0) | 2023.03.02 |
|---|---|
| [연습]5. Pod run (0) | 2023.03.02 |
| [연습]4. expose AND service (0) | 2023.03.02 |
| [연습]3. NetworkPolicy (0) | 2023.03.02 |
| [연습]2. cordon AND drain (0) | 2023.03.02 |