@ -132,6 +132,32 @@ rules:
|
||||
- list
|
||||
- watch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
annotations:
|
||||
authorization/description: |-
|
||||
Provide access for adding/editing/removing Ingress'.
|
||||
|
||||
This role is designed for a user who is responsible for the
|
||||
cluster ingress.
|
||||
authorization/target: namespace
|
||||
name: authorization:cluster:ingress-admin
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "*"
|
||||
resources:
|
||||
- pods
|
||||
- nodes
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
@ -185,6 +211,20 @@ subjects:
|
||||
- kind: Group
|
||||
name: technician
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: authorization:ingress-admin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: authorization:cluster:ingress-admin
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: Group
|
||||
name: administrators
|
||||
|
||||
|
||||
# ---
|
||||
# kind: ClusterRoleBinding
|
||||
|
||||
Reference in New Issue
Block a user