Clusters with RBAC
Using Infra App in RBAC-enabled clusters
Single Namespace access
Kubernetes configuration file
- context:
cluster: gke_test-cluster-abcdefg_us-central1-c_cluster-1
namespace: default # This tells Infra App which namespace to use
user: gke_test-cluster-abcdefg_us-central1-c_cluster-1
name: gke_test-cluster-abcdefg_us-central1-c_cluster-1-single-namespaceRequired RBAC Rules
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default #replace with your namespace
name: example-role #replace with your role name
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "events", "services", "configmaps", "persistentvolumeclaims", "endpoints"]
verbs: ["get", "watch", "list", "delete"]
- apiGroups: [""] # For pod shell access
resources: ["pods/exec"]
verbs: ["get", "watch", "create"]
- apiGroups: ["extensions", "apps"]
resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "batch"]
resources: ["jobs", "cronjobs"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"] # For ingresses
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["metrics.k8s.io"] # For metrics access
resources: ["pods"]
verbs: ["get", "watch", "list"]Last updated
Was this helpful?