# Open the EKS identity-mapping ConfigMap in $EDITOR; the mapRoles/mapUsers
# snippet that follows is what goes under its data: key.
kubectl -n kube-system edit configmap aws-auth
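# Entries for the aws-auth ConfigMap (data: section). Both values are block
# scalars: the ConfigMap stores them as text and EKS parses that text itself,
# so the indentation inside each scalar must be consistent.
mapRoles: |
  - rolearn: arn:aws:iam::${account number}:role/${iam role name}
    username: ${user name}
# NOTE(review): `system:masters` is bound to the cluster-admin ClusterRole by
# default, so this user gets full cluster access no matter what the
# Role/RoleBinding defined later grant. Remove the groups entry if the intent
# is the namespaced, least-privilege access those bindings describe.
mapUsers: |
  - userarn: arn:aws:iam::${account number}:user/${iam user name}
    username: ${user name}
    groups:
      - system:masters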
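---
# Namespaced Role for one user/tenant. `describe` was dropped from the verbs:
# it is a kubectl subcommand, not an RBAC verb, so the API server ignores it.
#
# NOTE(review): with create/update/patch/delete on secrets, serviceaccounts,
# pods, pods/exec, pods/attach, pods/portforward, roles and rolebindings,
# this rule set amounts to full control of the namespace (every Secret is
# readable and every container is reachable interactively). Trim the list to
# what the subject actually needs before handing it out.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${role name}
  namespace: ${namespace}
rules:
  # A Role can only authorize requests scoped to its own namespace; `get` on
  # the namespace object itself works, but `list` over all namespaces is
  # cluster-scoped and would need a ClusterRole — TODO confirm which is wanted.
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - list
  # Every resource below is granted in every listed API group; unknown
  # group/resource pairs are simply never matched.
  - apiGroups:
      - ""
      - apps
      - batch
      - extensions
      - autoscaling
      - networking.k8s.io
      - rbac.authorization.k8s.io
      - networking.istio.io
    resources:
      - configmaps
      - cronjobs
      - deployments
      - events
      - ingresses
      - jobs
      - pods
      - pods/attach
      - pods/exec
      - pods/log
      - pods/portforward
      - secrets
      - services
      - serviceaccounts
      - persistentvolumeclaims
      - horizontalpodautoscalers
      - roles
      - rolebindings
      - endpoints
      - statefulsets
      - virtualservices
      - destinationrules
      - daemonsets
      - replicasets
      - replicationcontrollers
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch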
---
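# Binds the namespaced Role to one user. A roleRef of kind Role is resolved in
# the RoleBinding's own namespace, so this object must live in the same
# namespace as the Role; the placeholder was `${name space}` here and
# `${namespace}` on the Role, which is unified to `${namespace}`.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${rolebinding name}
  namespace: ${namespace}
subjects:
  # Same `${user name}` placeholder as the aws-auth `username` mapping —
  # the two must match exactly for the binding to apply.
  - kind: User
    name: ${user name}
    apiGroup: rbac.authorization.k8s.io
# roleRef is immutable after creation; change the role by recreating the
# binding.
roleRef:
  kind: Role
  name: ${role name}
  apiGroup: rbac.authorization.k8s.io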
---
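# Cluster-wide permissions for the same user (rules converted from flow to
# block style; the stray spacing in the original flow list is gone).
#
# The label only matters if some ClusterRole with an aggregationRule selects
# on it; otherwise it is inert — TODO confirm an aggregating role exists.
#
# NOTE(review): `patch` on nodes allows editing node labels and taints
# (scheduling control), and create/update on persistentvolumes lets the
# subject define arbitrary backing storage for volumes. Both are close to
# node-level privilege; grant only if genuinely required.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ${cluster role name}
  labels:
    rbac.example.com/aggregate-to-monitoring: "true"
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
      - patch
  - apiGroups:
      - ""
      - storage.k8s.io
    resources:
      - storageclasses
      - persistentvolumes
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete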
---
# Grants the ClusterRole above, cluster-wide, to the single mapped user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ${cluster role binding name}
# Target role; the name must match the ClusterRole's metadata.name.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ${cluster role name}
# Subject is the username mapped in aws-auth, not the IAM ARN.
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${user name}