Default Roles in Kubernetes

| Default ClusterRole | Description |
| --- | --- |
| cluster-admin | Allows read/write access to any resources across all namespaces. |
| admin | Allows read/write access to any resources in a namespace. |
| edit | Allows read/write access to resources in a namespace except Roles and RoleBindings. Does provide access to Secrets. |
| view | Allows read-only access to resources in a namespace except Roles, RoleBindings, and Secrets. |

Creating Roles

kubectl CLI:

kubectl create role my-ro --verb=get,list,watch --resource=pods,deployments,services


YAML manifest:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-ro
rules:
  - apiGroups:
    - ""
    resources:
    - pods
    - services
    verbs:
    - list
    - get
    - watch
  - apiGroups:
    - apps
    resources:
    - deployments
    verbs:
    - list
    - get
    - watch

The API group name for a resource can be identified by running kubectl explain <resource>.
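
Why the API group matters when writing rules: the sketch below is an added example, not part of the original page or of Kubernetes itself. It models how a Role's rules are matched against a request, using the my-ro rules from the manifest above. The MISGROUPED role and the sample requests are constructed, and the model assumes no resourceNames or subresources.

```python
# Added example: minimal model of how RBAC matches a request against Role rules.
# Assumption: resourceNames, nonResourceURLs and subresources are ignored.

# The my-ro Role from the manifest above, as Python data.
MY_RO = [
    {"apiGroups": [""], "resources": ["pods", "services"],
     "verbs": ["list", "get", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["list", "get", "watch"]},
]

# Constructed mistake: deployments listed under the core group ("") instead of "apps".
MISGROUPED = [
    {"apiGroups": [""], "resources": ["pods", "services", "deployments"],
     "verbs": ["list", "get", "watch"]},
]

def _matches(listed, value):
    """A rule field matches if it lists the value or the wildcard '*'."""
    return "*" in listed or value in listed

def allowed(rules, verb, api_group, resource):
    """RBAC is additive: a request is allowed if any single rule matches
    the API group, the resource and the verb together."""
    return any(
        _matches(r.get("apiGroups", []), api_group)
        and _matches(r.get("resources", []), resource)
        and _matches(r.get("verbs", []), verb)
        for r in rules
    )

def grants(rules, requests):
    """Return the subset of (verb, group, resource) requests the rules allow."""
    return [req for req in requests if allowed(rules, *req)]

# Constructed sample requests: (verb, API group, resource).
REQUESTS = [
    ("get", "", "pods"),
    ("list", "apps", "deployments"),
    ("delete", "", "pods"),   # write verb, not granted by my-ro
    ("get", "", "secrets"),   # resource not listed, so denied
]

if __name__ == "__main__":
    for name, rules in (("my-ro", MY_RO), ("misgrouped", MISGROUPED)):
        print(name, grants(rules, REQUESTS))
```

A rule that names a resource under the wrong API group is accepted by the API server but grants nothing for that resource, which is why the group should be confirmed before writing the rule.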