Modify ClusterRole for Kubernetes


I want to use the ClusterRole edit for some users of my Kubernetes cluster (https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles).

However, it is unfortunate that the user can be accessing and modifying Resource Quotas and Limit Ranges.

My question is now: How can I grant Users via a RoleBinding access to a namespace, such that the Role is essentially the ClusterRole edit, but without having any access to Resource Quotas and Limit Ranges?

Best answer

The edit role gives only read access to resourcequotas and limitranges:

- apiGroups:
  - ""
  resources:
  - bindings
  - events
  - limitranges
  - namespaces/status
  - pods/log
  - pods/status
  - replicationcontrollers/status
  - resourcequotas
  - resourcequotas/status
  verbs:
  - get
  - list
  - watch

If you want a role that doesn't include read access to these resources, just make a copy of the edit role with those resources excluded.