53 lines
636 B
Markdown
53 lines
636 B
Markdown
**pod-exec-cr.yaml**
|
||
|
||
```
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRole
|
||
metadata:
|
||
name: pod-exec
|
||
rules:
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- pods
|
||
- pods/log
|
||
verbs:
|
||
- get
|
||
- list
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- pods/exec #之前提到的子资源
|
||
verbs:
|
||
- create
|
||
|
||
```
|
||
|
||
**ns-readonly.yaml**
|
||
|
||
```
|
||
apiVersion: rbac.authorization.k8s.io/v1
|
||
kind: ClusterRole
|
||
metadata:
|
||
name: namespace-readonly
|
||
rules:
|
||
- apiGroups:
|
||
- ""
|
||
resources:
|
||
- namespaces
|
||
verbs:
|
||
- get
|
||
- list
|
||
- watch
|
||
- apiGroups:
|
||
- metrics.k8s.io
|
||
resources:
|
||
- pods
|
||
verbs:
|
||
- get
|
||
- list
|
||
- watch
|
||
|
||
```
|
||
|