RBAC

As part of this roles workflow, A set of Clester Roles and Cluster Bindings are deployed and ready to use. The intent of these roles is to create a default set of roles that only require the authorization system to provide the users groups. As they have been defined as Cluster Roles you can bind to both cluster and/or namespace.
A minimum access required princible has been adopted in the creation of these roles. With the roles designed to be for whom would access/use the cluster (An End user).

Tip

All Deployed ClusterRole include a labels authorization/description and authorization/target explaining their intended purpose and where they a recommended for binding.

Currently the following roles are deployed as part of this Anible role:

authorization:namespace:read

Full read access to all objects except secrets
authorization:full

Full read/write access to all objects including secrets
authorization:namespace:owner

Full read/write access to all objects including secrets
authorization:cluster:view-metrics

View node and pod metrics
ToDo-#6 authorization:cluster:admin

Configure the cluster with this not including anything that can be deployed.

About:

This page forms part of our Project Kubernetes Ansible Collection.

Page Metadata

Version: ToDo: place files short git commit here
Date Created: 2023-10-29
Date Edited: 2024-03-13

Contribution:

Would You like to contribute to our Kubernetes Ansible Collection project? You can assist in the following ways:

Edit This Page If there is a mistake or a way you can improve it.
Add a Page to the Manual if you would like to add an item to our manual
Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.

ToDo: Add the page list of contributors