Kubernetes 101: Default and user-defined roles



After installation, Kubernetes creates a set of default roles. These roles define the "rights" of a Kubernetes account in the cluster.

We can "bind" these roles to Kubernetes accounts using a RoleBinding object.

Below is a short description of some of the default roles in Kubernetes:
  • cluster-admin role: gives accounts read-write access to all the resources throughout the cluster.
  • admin role: gives accounts read-write access to resources in namespaces.
  • edit role: gives accounts read-write access to resources in a namespace, except for roles and roleBindings.
  • view role: gives accounts read-only access to resources in namespaces.

We could create roles using the command line as follows:


The "role_1" role applies to pods and allows the actions (verbs) "list" and "get".

Remark:

We can use the wildcard “*” to refer to all the verbs and resources.
If we don't specify resource names, the role will apply to all the resources.

Below is another example of a role in YAML format:


Pods use an empty string as their API group because they belong to the main/core group.
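
A Role of the kind described above, together with the RoleBinding that attaches it to an account, as an added example that is not from the original post. The namespace `demo`, the object names `pod-reader` and `pod-reader-binding`, and the ServiceAccount `app-sa` are assumptions; the namespace and the ServiceAccount are assumed to exist already.

```yaml
# Added example, not the original author's manifest.
# Assumed names: namespace "demo", Role "pod-reader", ServiceAccount "app-sa".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo            # a Role grants access only inside its own namespace
rules:
  - apiGroups: [""]          # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list"]   # read-only: no create/update/delete and no "*" wildcard
    # No resourceNames are listed, so the rule covers every pod in the namespace.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding
  namespace: demo
subjects:
  - kind: ServiceAccount     # the account that receives the rights
    name: app-sa
    namespace: demo
roleRef:                     # the role being bound
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
# Once applied, test one verb the role grants and one it does not:
#   kubectl auth can-i list pods   -n demo --as=system:serviceaccount:demo:app-sa
#   kubectl auth can-i delete pods -n demo --as=system:serviceaccount:demo:app-sa
```

Listing only the verbs and resources an account needs, rather than “*”, keeps the binding auditable with `kubectl auth can-i`.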

After our role is created using the "kubectl apply" command, we can check it with the command below:
