RBAC


As part of this roles workflow, A set of Clester Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the users groups. As they have been defined as Cluster Roles you can bind to both cluster and/or namespace.
A minimum access required princible has been adopted in the creation of these roles. With the roles designed to be for whom would access/use the cluster (An End user).

Tip

All Deployed ClusterRole include a labels authorization/description and authorization/target explaining their intended purpose and where they a recommended for binding.

Currently the following roles are deployed as part of this Anible role:

  • authorization:namespace:read

    Full read access to all objects except secrets

  • authorization:full

    Full read/write access to all objects including secrets

  • authorization:namespace:owner

    Full read/write access to all objects including secrets

  • authorization:cluster:view-metrics

    View node and pod metrics

  • ToDo-#6 authorization:cluster:admin

    Configure the cluster with this not including anything that can be deployed.

About:

This page forms part of our Project Kubernetes Ansible Collection.

Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2023-10-29
Date Edited: 2024-03-13

Contribution:

Would You like to contribute to our Kubernetes Ansible Collection project? You can assist in the following ways:

 

ToDo: Add the page list of contributors