dotbalo
/
kubernetes-guide
mirror of https://github.com/dotbalo/kubernetes-guide.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubernetes-guide/docs/chap11/11.1.md

636 B
Raw Blame History

pod-exec-cr.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-exec
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/log
  verbs:
  - get
  - list
- apiGroups:
  - ""
  resources:
  - pods/exec #之前提到的子资源
  verbs:
  - create

ns-readonly.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: namespace-readonly
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  verbs:
  - get
  - list
  - watch