Skip to main content

imodouLess than 1 minute
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: role-grantor
rules:

  - apiGroups: [ "rbac.authorization.k8s.io" ]
    resources: [ "rolebindings" ]
    verbs: [ "create" ]

  - apiGroups: [ "rbac.authorization.k8s.io" ]
    resources: [ "clusterroles" ]
    verbs: [ "bind" ]

    # 忽略 resourceNames 意味着允许绑定任何 ClusterRole

    resourceNames: [ "admin","edit","view" ]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: role-grantor-binding
  namespace: user-1-namespace
subjects:

  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: user-1
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: role-grantor
Default footer
Copyright © 2024 imodou