对pod资源可以删除,进入终端执行命令,其他资源只读权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-view

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  - nodes

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  

对集群资源具有增删改查的权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-namespace-all

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

  - create

  - delete

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

  - patch

  - create

  - delete

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  - create

转:https://blog.csdn.net/qq_23191379/article/details/108811404

【转】k8s集群自定义clusterRole样例的更多相关文章

  1. 十七,k8s集群指标API及自定义API

    目录 资源指标: Metrics-Server 资源指标: Metric-Server介绍 Metric-Server部署 下载yaml文件 因为有墙, 所以提前下载image镜像, 当然也可以手动修 ...

  2. 企业运维实践-还不会部署高可用的kubernetes集群?使用kubeadm方式安装高可用k8s集群v1.23.7

    关注「WeiyiGeek」公众号 设为「特别关注」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 文章目录: 0x00 前言简述 ...

  3. China Azure中部署Kubernetes(K8S)集群

    目前China Azure还不支持容器服务(ACS),使用名称"az acs create --orchestrator-type Kubernetes -g zymtest -n kube ...

  4. 使用kubectl管理k8s集群(二十九)

    前言 在搭建k8s集群之前,我们需要先了解下kubectl的使用,以便在集群部署出现问题时进行检查和处理.命令和语法记不住没有关系,但是请记住主要的语法和命令以及帮助命令的使用. 在下一篇,我们将讲述 ...

  5. 使用Kubeadm创建k8s集群之节点部署(三十一)

    前言 本篇部署教程将讲述k8s集群的节点(master和工作节点)部署,请先按照上一篇教程完成节点的准备.本篇教程中的操作全部使用脚本完成,并且对于某些情况(比如镜像拉取问题)还提供了多种解决方案.不 ...

  6. K8s集群认证之RBAC

    kubernetes认证,授权概括总结: RBAC简明总结摘要:API Server认证授权过程: subject(主体)----->认证----->授权[action(可做什么)]--- ...

  7. 四,k8s集群资源清单定义入门

    目录 资源对象 创建资源的方法 清单帮助命令 创建测试清单 资源的三种创建方式 资源对象 workload:Pod, ReplicaSet, Deployment, StatefulSet, Daem ...

  8. 使用Rancher Server部署本地多节点K8S集群

    当我第一次开始我的Kubernetes之旅时,我一直在寻找一种设置本地部署环境的方式.很多人常常会使用minikube或microk8s,这两者非常适合新手在单节点集群环境下进行操作.但当我已经了解了 ...

  9. k8s集群问题记录

    k8s集群问题记录 k8s学习方案 问题解决思路 主要学习路径: rancher(k8s)->rke->helm->kubectl->k8s(k8s中文api) 常见问题总结: ...

随机推荐

  1. LATEX图片位置

    常用选项[htbp]是浮动格式: -『h』当前位置.将图形放置在正文文本中给出该图形环境的地方.如果本页所剩的页面不够,这一参数将不起作用. -『t』顶部.将图形放置在页面的顶部. -『b』底部.将图 ...

  2. 返回值List是JsonArray

    MyController中: index.jsp中

  3. 集合框架-工具类-Collections-折半最值

    1 package cn.itcast.p2.toolclass.collections.demo; 2 3 import java.util.ArrayList; 4 import java.uti ...

  4. 阿里智能运维实践|阿里巴巴DevOps实践指南

    编者按:本文源自阿里云云效团队出品的<阿里巴巴DevOps实践指南>,扫描上方二维码或前往:https://developer.aliyun.com/topic/devops,下载完整版电 ...

  5. Vue之 css3 样式重置 代码

    reset.css @charset "utf-8";html{background-color:#fff;color:#000;font-size:12px} body,ul,o ...

  6. 洛谷 8 月月赛 & 「PMOI」Round · 04

    T1 T166167 「PMOI-4」人赢 题目大意 给一个数列的前两项分别为\(n\)和\(m\) 当\(i\geq3\)时\(a_i = a_{i-1}*a_{i-2}\)的个位 给定\(n\), ...

  7. 阿里四面:你知道Spring AOP创建Proxy的过程吗?

    Spring在程序运行期,就能帮助我们把切面中的代码织入Bean的方法内,让开发者能无感知地在容器对象方法前后随心添加相应处理逻辑,所以AOP其实就是个代理模式. 但凡是代理,由于代码不可直接阅读,也 ...

  8. new JSONObject 无异常卡顿【Maven+Idea 导包不更新的小坑】

    问题描述 今天在使用JSONObject过程中出现了一个非常不可思议的现象,我Junit测试没有问题,但是就是打开服务器运行的时候,结果就是出不来,经过多次测试发现代码竟然卡在了new JSONObj ...

  9. android 如何动态设置View的margin和padding

    感谢大佬:https://blog.csdn.net/a107494639/article/details/7341077 1.动态设置padding,拿ImageView为例: ImageView ...

  10. 深入epoll

    转载请注明来源:https://www.cnblogs.com/hookjc/ 一. 介绍Epoll 是一种高效的管理socket的模型,相对于select和poll来说具有更高的效率和易用性.传统的 ...