Certainly! Here’s a simple example of Role-Based Access Control (RBAC) in Kubernetes, demonstrating how to create a Role and a RoleBinding.
Scenario:
Suppose you want to allow a user named developer to read pods in the development namespace.
Step 1: Create a Role
First, create a Role that grants read access to pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: development
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]Step 2: Create a RoleBinding
Next, bind the Role to the user developer so they can use the permissions defined in the Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods
namespace: development
subjects:
- kind: User
name: developer
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.ioApplying the Configuration
Save the above YAML configurations to files (e.g., role.yaml and rolebinding.yaml) and apply them using kubectl:
kubectl apply -f role.yaml
kubectl apply -f rolebinding.yamlSummary:
In this example, the pod-reader Role allows the user developer to read pods in the development namespace. The RoleBinding associates the Role with the user, granting them the specified permissions. If you have further questions or need more examples, feel free to ask!
