[연습]1. Create ClusterRole AND ClusterRoleBinding

k8s/CKA

[연습]1. Create ClusterRole AND ClusterRoleBinding

<☆_☆> 2023. 3. 2. 22:25

ClusterRole 생성 후 ClusterRoleBinding 연결

조건

clusterrole name : deployment-clusterrole
clusterrole rules : deployment, statefulset, daemonset 에 대하여 생성권한
clusterrole namespace : app-team1
clusterrolebinding : serviceaccount ID 는 git
clusterrolebinding namespace : dev

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  namespace: dev
  name: deployment-clusterrole

rules:
- apiGroups: [""]
  resources: ["Deployment", "StatefulSet", "DaemonSet"]
  verbs: ["create"]

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  name: any-name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deployment-clusterrole
subjects:
- kind: ServiceAccount
  name: git
  namespace: dev

https://kubernetes.io/docs/reference/access-authn-authz/rbac/