From ca8462aa125e10d031b441163f9ea568a050dd0e Mon Sep 17 00:00:00 2001
From: Sander van Vugt
Date: Wed, 16 Sep 2020 11:12:05 +0200
Subject: [PATCH] roles topic added
---
clusterrol.yaml | 8 ++++++++
config.anna | 19 +++++++++++++++++++
podacessrole.yaml | 9 +++++++++
rolebinding.yaml | 13 +++++++++++++
4 files changed, 49 insertions(+)
create mode 100644 clusterrol.yaml
create mode 100644 config.anna
create mode 100644 podacessrole.yaml
create mode 100644 rolebinding.yaml
diff --git a/clusterrol.yaml b/clusterrol.yaml
new file mode 100644
index 0000000..c67c0c7
--- /dev/null
+++ b/clusterrol.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: secret-reader
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list"]
diff --git a/config.anna b/config.anna
new file mode 100644
index 0000000..27ccf2c
--- /dev/null
+++ b/config.anna
@@ -0,0 +1,19 @@
+apiVersion: v1
+clusters:
+- cluster:
+ certificate-authority-data: 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
+ server: https://192.168.4.90:6443
+ name: kubernetes
+contexts:
+- context:
+ cluster: kubernetes
+ user: anna
+ name: anna-context
+current-context: anna-context
+kind: Config
+preferences: {}
+users:
+- name: anna
+ user:
+ client-certificate: /home/anna/.certs/anna.crt
+ client-key: /home/anna/.certs/anna.key
diff --git a/podacessrole.yaml b/podacessrole.yaml
new file mode 100644
index 0000000..d79fbcc
--- /dev/null
+++ b/podacessrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: default
+ name: pod-reader
+rules:
+- apiGroups: [""] # "" indicates the core API grouop
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
diff --git a/rolebinding.yaml b/rolebinding.yaml
new file mode 100644
index 0000000..83776e8
--- /dev/null
+++ b/rolebinding.yaml
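Review bot: In clusterrol.yaml the `secret-reader` rule grants `get`, `watch` and `list` on `secrets` with no `resourceNames`, and because it is a ClusterRole its reach depends entirely on how it is bound; a ClusterRoleBinding would make every Secret in every namespace readable by the subject. `list` and `watch` return full Secret contents, so they are not a weaker grant than `get`. No binding for this role is visible in the commit, so I would add a comment above `rules:` such as `# bind with a namespaced RoleBinding unless cluster-wide secret read is intended`. Where only specific Secrets are needed, `get` with `resourceNames` is the narrower grant.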
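Review bot: config.anna commits a user kubeconfig that pins an environment-specific `server: https://192.168.4.90:6443` and CA bundle, and nothing in the file marks it as a lab sample to be adapted. The credential handling itself is sound: `client-key` points at a path instead of embedding `client-key-data`, so the private key stays out of the repository, and that should be kept. I would add a header comment such as `# lab example: replace server and certificate-authority-data; keep anna.key mode 0600 and out of version control`.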
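Review bot: In podacessrole.yaml the inline comment on the `apiGroups` line misspells "group"; it should read `# "" indicates the core API group`. The file names carry similar slips (`podacessrole.yaml` here and `clusterrol.yaml` for the first file), which makes the manifests harder to find by search; `podaccessrole.yaml` and `clusterrole.yaml` would be the expected spellings. The rule itself is read-only and scoped to the `default` namespace, so I have no change to suggest to the grant.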
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: read-pods
+ namespace: default
+subjects:
+- kind: User
+ name: anna
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: Role
+ name: pod-reader
+ apiGroup: rbac.authorization.k8s.io
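Review bot: The `subjects` entry in rolebinding.yaml names user `anna`, but nothing in the manifest says where that identity comes from. Kubernetes has no User object, and with the client-certificate login configured in config.anna the user name is taken from the certificate's subject CN, so a CN that differs even in case leaves the binding silently ineffective. The certificate is not part of this commit, so I cannot confirm the match; a comment on the `name: anna` line such as `# must equal the CN of anna.crt (case-sensitive)` would record the dependency. It is also worth noting above `roleRef:` that the field is immutable, so pointing the binding at a different role means deleting and recreating it.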