RBAC
As part of this role's workflow, a set of Cluster Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the user's groups. As they have been defined as Cluster Roles, you can bind them at cluster scope, namespace scope, or both.
A minimum-access-required principle has been adopted in the creation of these roles. The roles are designed for those who would access or use the cluster (an end user).
Tip
All deployed ClusterRoles include the labels authorization/description and authorization/target, explaining their intended purpose and where they are recommended for binding.
Currently the following roles are deployed as part of this Ansible role:
- authorization:namespace:read
  Full read access to all objects except secrets
- authorization:full
  Full read/write access to all objects including secrets
- authorization:namespace:owner
  Full read/write access to all objects including secrets
- authorization:cluster:view-metrics
  View node and pod metrics
- ToDo-#6 authorization:cluster:admin
  Configure the cluster; this does not include anything that can be deployed.
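Because these are Cluster Roles, the type of binding decides how far a grant reaches. The manifests below are an added example, not part of the collection: the binding names, the namespace `team-a` and the group names are assumptions, and only the role names come from the list above.

```yaml
# Namespace-scoped grant: a RoleBinding that references a ClusterRole
# applies the role's rules inside this one namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-owner                 # assumed binding name
  namespace: team-a                  # assumed namespace
subjects:
  - kind: Group
    name: team-a-developers          # assumed group, as reported for the user
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: authorization:namespace:owner
  apiGroup: rbac.authorization.k8s.io
---
# Cluster-scoped grant: a ClusterRoleBinding applies the role everywhere.
# Node metrics are cluster-level, so this role fits a cluster-wide binding.
# Binding authorization:namespace:owner this way instead would give the
# group read/write access to secrets in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-viewers              # assumed binding name
subjects:
  - kind: Group
    name: cluster-observers          # assumed group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: authorization:cluster:view-metrics
  apiGroup: rbac.authorization.k8s.io
```

To confirm the scope after applying, `kubectl auth can-i get secrets --as=any-user --as-group=team-a-developers -n team-a` should answer yes, and the same check against any other namespace should answer no.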
About:
This page forms part of our Project Kubernetes Ansible Collection.
Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2023-10-29
Date Edited: 2024-03-13