kubernetes/docs/projects/ansible/roles/kubernetes/rbac.md
2023-10-29 14:50:19 +09:30


| title | description | date | template | about |
|---|---|---|---|---|
| RBAC | No Fuss Computings Ansible role nfc_kubernetes RBAC documentation. | 2023-10-29 | project.html | https://gitlab.com/nofusscomputing/projects/ansible/roles/kubernetes |

As part of this role's workflow, a set of Cluster Roles and Cluster Role Bindings is deployed and ready to use. The intent is to provide a default set of roles that only require the authorization system to supply the user's groups. Because they are defined as Cluster Roles, you can bind them at cluster scope, at namespace scope, or both.
A minimum-access-required principle has been adopted in the creation of these roles. The roles are designed for those who would access or use the cluster (an end user).

!!! tip
    All deployed ClusterRoles include the labels authorization/description and authorization/target, which explain their intended purpose and where they are recommended for binding.

Currently the following roles are deployed as part of this Ansible role:

  • authorization:namespace:read

    Full read access to all objects except secrets

  • authorization:full

    Full read/write access to all objects including secrets

  • authorization:namespace:owner

    Full read/write access to all objects including secrets

  • authorization:cluster:view-metrics

    View node and pod metrics

  • ToDo-#6 authorization:cluster:admin

    Configure the cluster; this does not include anything that can be deployed.
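
The manifests below are an added example, not part of the role's own code, showing how the roles listed above can be bound at namespace scope and at cluster scope. The namespace `team-a`, the group names `team-a-viewers` and `cluster-observers`, and the binding names are assumptions; only the ClusterRole names come from this page.

```yaml
# Added example. Namespace, group and binding names are hypothetical.
#
# Namespace scope: a RoleBinding that references a ClusterRole limits the
# role's rules to the binding's own namespace. Members of the group get
# read access (no secrets, per the role's description) in "team-a" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-read              # hypothetical binding name
  namespace: team-a              # hypothetical namespace
subjects:
  - kind: Group
    name: team-a-viewers         # hypothetical group supplied by the authorization system
    apiGroup: rbac.authorization.k8s.io
roleRef:                         # roleRef cannot be changed after creation
  kind: ClusterRole
  name: authorization:namespace:read
  apiGroup: rbac.authorization.k8s.io
---
# Cluster scope: a RoleBinding cannot grant access to cluster-scoped
# resources such as nodes, so a role that covers node metrics needs a
# ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: observers-view-metrics   # hypothetical binding name
subjects:
  - kind: Group
    name: cluster-observers      # hypothetical group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: authorization:cluster:view-metrics
  apiGroup: rbac.authorization.k8s.io
```

To check the first binding, `kubectl auth can-i get secrets -n team-a --as=example-user --as-group=team-a-viewers` should answer `no`, while the same query for `pods` should answer `yes`. Binding a role that includes secrets, such as authorization:namespace:owner, with a ClusterRoleBinding instead of a RoleBinding would extend that access to every namespace.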