The Roles and ClusterRoles provided by role-based access control (RBAC) each contain a set of permissions. A Role defines permissions within a particular namespace. A ClusterRole defines permissions on cluster-scoped resources. This topic describes how to customize a Role and a ClusterRole.
Prerequisites
The Container Service for Kubernetes (ACK) console is in the canary release stage. To use this component, submit a ticket to apply to be added to a whitelist.
How to create an RBAC role
You can create an RBAC role by using a YAML file or in the Container Service for Kubernetes (ACK) console.
Create a Role
If you want to define permissions within a particular namespace, create a Role.
The following YAML template provides an example of how to create a Role in the default namespace. You can use this Role to grant all permissions on pods in the default namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: test-role
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
Create a ClusterRole
If you want to define cluster-wide permissions, create a ClusterRole.
The following YAML template provides an example of how to create a ClusterRole. You can use this ClusterRole to grant all permissions on pods in an individual namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
For more information about Roles and ClusterRoles, see Roles and ClusterRoles.
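The following Python code is an added example, not part of the original page and not Kubernetes or ACK code. It models how the rules in the two manifests above match a request and lists the state-changing grants for review. It assumes exact-string and "*" matching only: resourceNames, subresource wildcards and bindings are not modelled, and the function names (rule_allows, allows, write_grants) are hypothetical.

```python
# Added example: a model of RBAC rule matching, not Kubernetes source code.
# The two dicts mirror the page's test-role and test-clusterrole manifests.
ALL_POD_VERBS = ["create", "delete", "deletecollection", "get",
                 "list", "patch", "update", "watch"]
TEST_ROLE = {
    "kind": "Role",
    "metadata": {"name": "test-role", "namespace": "default"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ALL_POD_VERBS}],
}
TEST_CLUSTERROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "test-clusterrole"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ALL_POD_VERBS}],
}
# Verbs that change cluster state (hypothetical grouping used for review).
WRITE_VERBS = {"create", "delete", "deletecollection", "patch", "update", "*"}

def _covers(allowed, value):
    """A rule field matches on the exact value or on the "*" wildcard."""
    return "*" in allowed or value in allowed

def rule_allows(rule, verb, api_group, resource):
    """True if one rule grants the verb on the resource in the API group."""
    return (_covers(rule.get("verbs", []), verb)
            and _covers(rule.get("apiGroups", []), api_group)
            and _covers(rule.get("resources", []), resource))

def allows(obj, verb, api_group, resource, namespace):
    """True if the manifest's rules permit the request.

    A Role applies only inside metadata.namespace. A ClusterRole carries no
    namespace; where it takes effect depends on how it is bound, which is
    outside this model.
    """
    if obj["kind"] == "Role" and obj["metadata"]["namespace"] != namespace:
        return False
    return any(rule_allows(r, verb, api_group, resource) for r in obj["rules"])

def write_grants(obj):
    """Return sorted (resource, verb) pairs that can modify state."""
    return sorted((res, verb)
                  for rule in obj["rules"]
                  for res in rule.get("resources", [])
                  for verb in rule.get("verbs", [])
                  if verb in WRITE_VERBS)
```

Because resources are matched as exact strings, subresources such as pods/exec or pods/log are not covered by a rule that lists only pods.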