
Container Service for Kubernetes: Customize an RBAC role

Last Updated: Oct 13, 2023

In role-based access control (RBAC), each Role and ClusterRole contains a set of permissions. A Role defines permissions within a particular namespace. A ClusterRole defines permissions on cluster-scoped resources. This topic describes how to customize a Role and a ClusterRole.

How to create an RBAC role

You can create an RBAC role by using a YAML file or in the Container Service for Kubernetes (ACK) console.

Create a Role

If you want to define permissions within a particular namespace, create a Role.

The following YAML template provides an example of how to create a Role in the default namespace. You can use this Role to grant all permissions on pods in the default namespace.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: test-role
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch

Create a ClusterRole

If you want to define cluster-wide permissions, create a ClusterRole.

The following YAML template provides an example of how to create a ClusterRole. You can use this ClusterRole to grant all permissions on pods in an individual namespace.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch

For more information about Roles and ClusterRoles, see Roles and ClusterRoles.
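
One way to review a custom Role or ClusterRole before you create it, shown as an added example that is not part of the ACK documentation: the script flags wildcard rules, write verbs, escalation verbs, and read access to secrets. It assumes the manifest is available as JSON (for example, from `kubectl get clusterrole test-clusterrole -o json`); the function name `review_role` and the role name `pod-viewer-example` are hypothetical.

```python
import json

# Verbs that modify cluster state; get, list and watch are read-only.
WRITE_VERBS = {"create", "delete", "deletecollection", "patch", "update"}
# Verbs that let the holder extend their own or others' RBAC privileges.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}

def review_role(manifest):
    """Return (rule_index, finding) tuples for a Role or ClusterRole dict."""
    findings = []
    for i, rule in enumerate(manifest.get("rules") or []):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        verbs = set(rule.get("verbs") or [])
        for field in ("apiGroups", "resources", "verbs"):
            if "*" in (rule.get(field) or []):
                findings.append((i, "wildcard in " + field))
        risky = sorted(verbs & ESCALATION_VERBS)
        if risky:
            findings.append((i, "escalation verbs: " + ",".join(risky)))
        # Secrets live in the core ("") API group; list and watch also expose values.
        if (groups & {"", "*"} and resources & {"secrets", "*"}
                and verbs & {"get", "list", "watch", "*"}):
            findings.append((i, "can read secrets"))
        writes = sorted(verbs & WRITE_VERBS)
        if writes:
            target = ",".join(sorted(resources)) or "non-resource URLs"
            findings.append((i, "write access to " + target + ": " + ",".join(writes)))
    return findings

# Constructed input: the test-clusterrole manifest from this page, as JSON.
PAGE_ROLE = json.loads("""
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
 "metadata": {"name": "test-clusterrole"},
 "rules": [{"apiGroups": [""], "resources": ["pods"],
            "verbs": ["create", "delete", "deletecollection", "get",
                      "list", "patch", "update", "watch"]}]}
""")

# Constructed input: a hypothetical read-only variant of the same role.
READ_ONLY_ROLE = json.loads("""
{"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
 "metadata": {"name": "pod-viewer-example"},
 "rules": [{"apiGroups": [""], "resources": ["pods"],
            "verbs": ["get", "list", "watch"]}]}
""")

if __name__ == "__main__":
    for role in (PAGE_ROLE, READ_ONLY_ROLE):
        print(role["metadata"]["name"], review_role(role) or "no findings")
```
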

Create a custom RBAC role

Note

This section shows how to create a custom ClusterRole. The steps to create a ClusterRole are similar to the steps to create a Role.

  1. Log on to the ACK console. In the left-side navigation pane, click Clusters.

  2. On the Clusters page, click the name of the cluster that you want to manage and choose Security > Role in the left-side navigation pane.

  3. On the Role page, click the Cluster Role tab.

  4. On the Cluster Role tab, click Create.

  5. In the Create YAML pane, enter the content of the ClusterRole and click OK to create the ClusterRole.

    This step uses the YAML template from the Create a ClusterRole section of How to create an RBAC role. After the ClusterRole is created, you can view the ClusterRole test-clusterrole on the Cluster Role tab.

What to do next

For more information about how to assign RBAC roles to Resource Access Management (RAM) users or RAM roles, see Grant RBAC permissions to RAM users or RAM roles.

Important

ACK allows you to assign only ClusterRoles to RAM users or RAM roles. You cannot assign Roles to RAM users or RAM roles in ACK.