对pod资源可以删除,进入终端执行命令,其他资源只读权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-view

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  - nodes

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  

对集群资源具有增删改查的权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-namespace-all

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

  - create

  - delete

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

  - patch

  - create

  - delete

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  - create

转:https://blog.csdn.net/qq_23191379/article/details/108811404

【转】k8s集群自定义clusterRole样例的更多相关文章

  1. 十七,k8s集群指标API及自定义API

    目录 资源指标: Metrics-Server 资源指标: Metric-Server介绍 Metric-Server部署 下载yaml文件 因为有墙, 所以提前下载image镜像, 当然也可以手动修 ...

  2. 企业运维实践-还不会部署高可用的kubernetes集群?使用kubeadm方式安装高可用k8s集群v1.23.7

    关注「WeiyiGeek」公众号 设为「特别关注」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 文章目录: 0x00 前言简述 ...

  3. China Azure中部署Kubernetes(K8S)集群

    目前China Azure还不支持容器服务(ACS),使用名称"az acs create --orchestrator-type Kubernetes -g zymtest -n kube ...

  4. 使用kubectl管理k8s集群(二十九)

    前言 在搭建k8s集群之前,我们需要先了解下kubectl的使用,以便在集群部署出现问题时进行检查和处理.命令和语法记不住没有关系,但是请记住主要的语法和命令以及帮助命令的使用. 在下一篇,我们将讲述 ...

  5. 使用Kubeadm创建k8s集群之节点部署(三十一)

    前言 本篇部署教程将讲述k8s集群的节点(master和工作节点)部署,请先按照上一篇教程完成节点的准备.本篇教程中的操作全部使用脚本完成,并且对于某些情况(比如镜像拉取问题)还提供了多种解决方案.不 ...

  6. K8s集群认证之RBAC

    kubernetes认证,授权概括总结: RBAC简明总结摘要:API Server认证授权过程: subject(主体)----->认证----->授权[action(可做什么)]--- ...

  7. 四,k8s集群资源清单定义入门

    目录 资源对象 创建资源的方法 清单帮助命令 创建测试清单 资源的三种创建方式 资源对象 workload:Pod, ReplicaSet, Deployment, StatefulSet, Daem ...

  8. 使用Rancher Server部署本地多节点K8S集群

    当我第一次开始我的Kubernetes之旅时,我一直在寻找一种设置本地部署环境的方式.很多人常常会使用minikube或microk8s,这两者非常适合新手在单节点集群环境下进行操作.但当我已经了解了 ...

  9. k8s集群问题记录

    k8s集群问题记录 k8s学习方案 问题解决思路 主要学习路径: rancher(k8s)->rke->helm->kubectl->k8s(k8s中文api) 常见问题总结: ...

随机推荐

  1. 【VictoriaMetrics】vm单机版和vm-storage的查询功能的对比

    1.vm-storage源码调用表 文件 行号 函数 说明 app/vmstorage/main.go 53 main 入口94行调用srv.RunVMSelect() app/vmstorage/t ...

  2. ipython notebook教程

    一.简介 Jupyter Notebook是一个开源的Web应用程序,允许用户创建和共享包含代码.方程式.可视化和文本的文档.它的用途包括:数据清理和转换.数值模拟.统计建模.数据可视化.机器学习等等 ...

  3. insert语句

    7.4.插入数据insert(DML语句) 语法格式: insert into 表名(字段名1,字段名2,字段名3...) values(值1,值2,值3): 注意:字段名和值要一一对应.什么是一一对 ...

  4. 常见Web服务器

    常见Web服务器

  5. centos6下php53升级为php7

    1.查看版本 [root@web-1 blog]# php -v No log handling enabled - turning on stderr logging Created directo ...

  6. ideal 创建maven 项目

    一 准备工作,已经配置好了maven 环境 .没有的话,参考我的上一篇笔记. 二,ideal相关配置 打开ideal  找到设置. file  ------->setting  .     点击 ...

  7. el表达式中的${param}用法

    el表达式中的${param}? 1. 2. ${param.name} 等价于 request.getParamter("name"),这两种方法一般用于服务器从页面或者客户端获 ...

  8. deque概述

    1.简介 双端队列deque,与vector的最大差异在于: 一.deque运行常数时间对头端或尾端进行元素的插入和删除操作. 二.deque没有所谓的容器概念,因为它是动态地以分段连续空间组合而成随 ...

  9. 「 MySQL高级篇 」MySQL索引原理,设计原则

    大家好,我是melo,一名大二后台练习生,大年初三,我又来充当反内卷第一人了!!! 专栏引言 MySQL,一个熟悉又陌生的名词,早在学习Javaweb的时候,我们就用到了MySQL数据库,在那个阶段, ...

  10. Transformer可解释性:注意力机制注意到了什么?

    原创作者 | FLPPED 论文: Self-Attention Attribution: Interpreting Information Interactions Inside Transform ...