30.ClusterRoles.md

File metadata and controls

101 lines (79 loc) · 2.4 KB
https://kubernetes.io/docs/reference/access-authn-authz/rbac/

master $ kubectl get clusterrole cluster-admin -o yaml
# Built-in cluster-admin ClusterRole as returned by the API server. The
# metadata below (creationTimestamp, resourceVersion, selfLink, uid) is live
# server state, not something to copy into a manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    # Default role bootstrapped by the control plane (see the
    # bootstrapping label and the autoupdate annotation).
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2020-04-25T13:09:24Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "43"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/cluster-admin
  uid: 754c3144-13a7-4341-815f-2de9cc72ed6a
rules:
# '*' for apiGroups, resources and verbs: every verb on every resource in
# every API group. The star is quoted because a bare * is the YAML alias
# indicator.
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
# Non-resource endpoints (API paths that are not resources, such as health
# and metrics endpoints) need their own rule keyed by nonResourceURLs;
# '*' here covers all of them. Together the two rules are unrestricted access.
- nonResourceURLs:
  - '*'
  verbs:
  - '*'


master $ kubectl get clusterrolebinding cluster-admin -o yaml

# Built-in ClusterRoleBinding that hands cluster-admin to the system:masters
# group. Being a ClusterRoleBinding, the grant applies cluster-wide: in every
# namespace and on cluster-scoped resources alike.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    # Default binding bootstrapped by the control plane (bootstrapping label,
    # autoupdate annotation), like the role it references.
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2020-04-25T13:09:24Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "96"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin
  uid: 02ca2ac5-ae57-410d-8dde-84a259ae77bb
# The role being granted: the unrestricted cluster-admin ClusterRole above.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
# Who receives it: every identity the API server places in the
# system:masters group. Membership in that group is therefore equivalent to
# full cluster control, so it is worth knowing exactly who holds it.
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters

kubectl create clusterrole michelle-cluster-role --verb=list,get,watch --resource 'nodes'

kubectl create clusterrolebinding michelle-cluster-rolebinding \
--clusterrole=michelle-cluster-role --user=michelle

Add storage permissions

StorageClasses and PersistentVolumes are cluster-scoped (NAMESPACED is false in the output below), so granting access to them needs a ClusterRole rather than a namespaced Role.

master $ kubectl api-resources | grep "storageclasses\|persistentvolumes"
persistentvolumes                 pv                                          false       PersistentVolume
storageclasses                    sc           storage.k8s.io                 false        StorageClass





# ClusterRole granting lifecycle control of two cluster-scoped storage
# resources. A ClusterRole (not a Role) is required because neither resource
# is namespaced (NAMESPACED=false in the api-resources output above).
# Note that update and patch are not granted: existing objects can be read,
# created and deleted, but not modified in place.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: storage-admin
rules:
# persistentvolumes belong to the core API group, written as "".
- apiGroups:
  - ""
  resources:
  - persistentvolumes
  verbs:
  - get
  - watch
  - list
  - create
  - delete
# storageclasses belong to the storage.k8s.io group.
- apiGroups:
  - storage.k8s.io
  resources:
  - storageclasses
  verbs:
  - get
  - watch
  - list
  - create
  - delete



# Binds the storage-admin ClusterRole to the user michelle. As a
# ClusterRoleBinding it applies cluster-wide, which matches the cluster-scoped
# resources the role covers.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: michelle-storage-admin
# The role being granted (defined in the manifest above).
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: storage-admin
# A User subject: the name must match the username as authenticated by the
# API server.
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: michelle