Kubernetes 101 : Role-based access control aggregation - RBAC - rules



We can combine different ClusterRoles through the use of labels.

The ClusterRole "pods" allows us to list pods, and the ClusterRole
"services" allows us to list services.

The below Yaml file describes the ClusterRole named "pods" for listing pods:


The below Yaml file describes the ClusterRole named "services" for listing services:


To combine the above ClusterRoles, we create a third ClusterRole that carries an aggregationRule. The aggregationRule holds one or more clusterRoleSelectors, and each selector describes the labels that the ClusterRoles to be combined must carry:


The rules field of the aggregate ClusterRole is filled in by the controller with the rules of every ClusterRole whose labels match the matchLabels field.

We could check our ClusterRole using the below command:


The aggregationRule specifies "matchLabels" fields that Kubernetes uses to match other ClusterRole objects that should be combined into the "aggregate" ClusterRole. Two points matter in practice: the rules field of the aggregate ClusterRole is managed by the controller, so any rules written into it by hand are overwritten, and any ClusterRole that carries the matching label is merged in, so whoever can create or label ClusterRoles can extend the permissions granted through the aggregate.
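The three manifests described above, written out as an added example (this is not the page's own YAML; the label key rbac.example.com/aggregate-to-aggregate and the file name clusterroles.yaml are assumptions chosen for illustration):

```yaml
# clusterroles.yaml (added example; label key is an assumption)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pods
  labels:
    rbac.example.com/aggregate-to-aggregate: "true"
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: services
  labels:
    rbac.example.com/aggregate-to-aggregate: "true"
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: aggregate
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rbac.example.com/aggregate-to-aggregate: "true"
# The controller owns this field: it is replaced with the union of the
# rules of every ClusterRole matching a selector above. Leave it empty;
# anything written here by hand is overwritten.
rules: []
```

Apply with `kubectl apply -f clusterroles.yaml`, then check the result with `kubectl describe clusterrole aggregate` or `kubectl get clusterrole aggregate -o yaml`: the rules field should now list the "list" verb for both pods and services, even though the manifest for "aggregate" declared no rules. Adding a third ClusterRole with the same label, or patching the label onto an existing one, extends the aggregate without touching its manifest, which is why the right to create or label ClusterRoles should be treated as the right to widen every aggregate that selects on those labels. The built-in admin, edit and view ClusterRoles are assembled the same way, through the labels rbac.authorization.k8s.io/aggregate-to-admin, aggregate-to-edit and aggregate-to-view.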
