对pod资源可以删除,进入终端执行命令,其他资源只读权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-view

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  - nodes

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  

对集群资源具有增删改查的权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRole

metadata:

  annotations:

    rbac.authorization.kubernetes.io/autoupdate: "true"

  creationTimestamp: "2019-10-29T14:21:54Z"

  labels:

    kubernetes.io/bootstrapping: rbac-defaults

  name: uki-namespace-all

rules:

- apiGroups:

  - ""

  resources:

  - pods

  - pods/attach

  - pods/exec

  - pods/portforward

  - pods/proxy

  verbs:

  - create

  - delete

  - deletecollection

  - patch

  - update

- apiGroups:

  - ""

  resources:

  - configmaps

  - endpoints

  - persistentvolumeclaims

  - pods

  - replicationcontrollers

  - replicationcontrollers/scale

  - serviceaccounts

  - services

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - ""

  resources:

  - bindings

  - events

  - limitranges

  - namespaces/status

  - pods/log

  - pods/status

  - replicationcontrollers/status

  - resourcequotas

  - resourcequotas/status

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - ""

  resources:

  - namespaces

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - apps

  resources:

  - controllerrevisions

  - daemonsets

  - deployments

  - deployments/scale

  - replicasets

  - replicasets/scale

  - statefulsets

  - statefulsets/scale

  verbs:

  - get

  - list

  - watch

  - create

  - patch

  - delete

- apiGroups:

  - autoscaling

  resources:

  - horizontalpodautoscalers

  verbs:

  - get

  - list

  - watch

  - patch

  - update

  - create

  - delete

- apiGroups:

  - extensions

  resources:

  - daemonsets

  - deployments

  - deployments/scale

  - ingresses

  - networkpolicies

  - replicasets

  - replicasets/scale

  - replicationcontrollers/scale

  verbs:

  - get

  - list

  - watch

  - patch

  - create

  - delete

- apiGroups:

  - policy

  resources:

  - poddisruptionbudgets

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - networkpolicies

  verbs:

  - get

  - list

  - watch

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - get

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - list

- apiGroups:

  - networking.k8s.io

  resources:

  - ingresses

  verbs:

  - watch

  - create

转:https://blog.csdn.net/qq_23191379/article/details/108811404

【转】k8s集群自定义clusterRole样例的更多相关文章

  1. 十七,k8s集群指标API及自定义API

    目录 资源指标: Metrics-Server 资源指标: Metric-Server介绍 Metric-Server部署 下载yaml文件 因为有墙, 所以提前下载image镜像, 当然也可以手动修 ...

  2. 企业运维实践-还不会部署高可用的kubernetes集群?使用kubeadm方式安装高可用k8s集群v1.23.7

    关注「WeiyiGeek」公众号 设为「特别关注」每天带你玩转网络安全运维.应用开发.物联网IOT学习! 希望各位看友[关注.点赞.评论.收藏.投币],助力每一个梦想. 文章目录: 0x00 前言简述 ...

  3. China Azure中部署Kubernetes(K8S)集群

    目前China Azure还不支持容器服务(ACS),使用名称"az acs create --orchestrator-type Kubernetes -g zymtest -n kube ...

  4. 使用kubectl管理k8s集群(二十九)

    前言 在搭建k8s集群之前,我们需要先了解下kubectl的使用,以便在集群部署出现问题时进行检查和处理.命令和语法记不住没有关系,但是请记住主要的语法和命令以及帮助命令的使用. 在下一篇,我们将讲述 ...

  5. 使用Kubeadm创建k8s集群之节点部署(三十一)

    前言 本篇部署教程将讲述k8s集群的节点(master和工作节点)部署,请先按照上一篇教程完成节点的准备.本篇教程中的操作全部使用脚本完成,并且对于某些情况(比如镜像拉取问题)还提供了多种解决方案.不 ...

  6. K8s集群认证之RBAC

    kubernetes认证,授权概括总结: RBAC简明总结摘要:API Server认证授权过程: subject(主体)----->认证----->授权[action(可做什么)]--- ...

  7. 四,k8s集群资源清单定义入门

    目录 资源对象 创建资源的方法 清单帮助命令 创建测试清单 资源的三种创建方式 资源对象 workload:Pod, ReplicaSet, Deployment, StatefulSet, Daem ...

  8. 使用Rancher Server部署本地多节点K8S集群

    当我第一次开始我的Kubernetes之旅时,我一直在寻找一种设置本地部署环境的方式.很多人常常会使用minikube或microk8s,这两者非常适合新手在单节点集群环境下进行操作.但当我已经了解了 ...

  9. k8s集群问题记录

    k8s集群问题记录 k8s学习方案 问题解决思路 主要学习路径: rancher(k8s)->rke->helm->kubectl->k8s(k8s中文api) 常见问题总结: ...

随机推荐

  1. HttpRunner3的用例是怎么运行起来的

    在PyCharm中打开examples/httpbin/basic_test.py: 首先映入眼帘的是左上角那个绿色小箭头,点了一下,可以直接运行,意味着HttpRunner是能够直接被pytest驱 ...

  2. eclipse导入项目jdk版本不一样

    一:eclipse导入项目jdk版本不一样解决方案 参考博文: https://www.cnblogs.com/chenmingjun/p/8472885.html 选中项目右键 --> Pro ...

  3. 🏆【Alibaba中间件技术系列】「RocketMQ技术专题」Broker服务端自动创建topic的原理分析和问题要点指南

    前提背景 使用RocketMQ进行发消息时,一般我们是必须要指定topic,此外topic必须要提前建立,但是topic的创建(自动或者手动方式)的设置有一个开关autoCreateTopicEnab ...

  4. prometheus基本概念(思维导图)

    参考文章: prometheus词汇表 prometheus的summary和histogram指标的简单理解

  5. vue学习15-自定义组件model使用

    <!DOCTYPE html> <html lang='en'> <head> <meta charset='UTF-8'> <meta http ...

  6. VUE3 之 Non-Props 属性

    1. 概述 墨菲定律告诉我们:人总是容易犯错误的,无论科技发展到什么程度,无论是什么身份的人,错误总是会在不经意间发生.因此我们最好在做重要的事情时,尽量去预估所有可能发生的错误,并思考错误发生后的补 ...

  7. gin中绑定查询字符串或表单数据

    package main import ( "github.com/gin-gonic/gin" "log" "time" ) type P ...

  8. java-导入import

    1 package face_package; 2 3 import face_packagedemoA.DemoA; 4 import face_packagedemoB.DemoB; 5 //真正 ...

  9. Elasticsearch使用系列-ES增删查改基本操作+ik分词

    Elasticsearch使用系列-ES简介和环境搭建 Elasticsearch使用系列-ES增删查改基本操作+ik分词 一.安装可视化工具Kibana ES是一个NoSql数据库应用.和其他数据库 ...

  10. Flink 如何通过2PC实现Exactly-once语义 (源码分析)

    Flink通过全局快照能保证内部处理的Exactly-once语义 但是端到端的Exactly-once还需要下游数据源配合,常见的通过幂等或者二阶段提交这两种方式保证 这里就来分析一下Sink二阶段 ...