kuboard低权限账号yaml文件配置(增加pod部分编辑权限)

#cat role.yaml 
# Binds the custom ClusterRole "clusterrole1" to the kuboard-viewer
# ServiceAccount. A ClusterRoleBinding is cluster-scoped, so the verbs in
# that role apply in every namespace, kube-system included.
# NOTE(review): if the edit rights are only needed in a few namespaces, a
# RoleBinding per namespace (which may still reference a ClusterRole) is the
# narrower grant.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer-extended
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: clusterrole1 # name of the ClusterRole to bind
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
---
# ClusterRole carrying the write verbs added on top of read-only access.
# NOTE(review): `patch` on deployments/statefulsets allows changes to the pod
# template (image, command, serviceAccountName, volumes). Granted through a
# ClusterRoleBinding, that holds in every namespace, so the account is
# considerably more than a read-only viewer. Scope it to the namespaces that
# need editing where possible, constrain pod specs with admission policy, and
# audit-log patch requests made by this account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # Presumably left over from generated manifest output; it has no effect here.
  creationTimestamp: null
  name: clusterrole1
rules:
# Core API group (""): read pods and patch them. Only the "pods" resource is
# listed; subresources such as pods/exec are separate RBAC resources and are
# not granted by this rule.
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  # create and update are deliberately left disabled below.
  #- create
  - list
  #- update
  - patch
# apps API group: read and patch Deployments and StatefulSets. This is the
# rule that makes workload edits (scale, image, pod template) possible.
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  verbs:
  - get
  - patch
  # create and update are deliberately left disabled below.
  #- create
  - list
  #- update
---
# ServiceAccount that both ClusterRoleBindings in this file name as subject.
# Its token carries the union of the bound roles, so treat it as a credential:
# prefer a short-lived token over a long-lived token Secret and rotate it when
# the people using it change.
# NOTE(review): presumably this token is what is used to sign in to Kuboard -
# confirm against the Kuboard setup.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-viewer
  namespace: kube-system

---
# Binds the built-in "view" ClusterRole to the kuboard-viewer ServiceAccount
# cluster-wide. "view" is the default read-only role: it allows reading most
# namespaced objects and does not include Secrets or Role/RoleBinding objects.
# This is the read-only baseline; any write access comes from other bindings
# on the same ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system