39 lines
1.2 KiB
YAML
39 lines
1.2 KiB
YAML
|
apiVersion: v1
|
||
|
|
kind: Secret
|
||
|
|
metadata:
|
||
|
|
name: default-token
|
||
|
|
namespace: labeds
|
||
|
|
annotations:
|
||
|
|
kubernetes.io/service-account.name: default
|
||
|
|
type: kubernetes.io/service-account-token
|
||
|
|
---
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
kind: Role
|
||
|
|
metadata:
|
||
|
|
name: labeds-admin
|
||
|
|
namespace: labeds
|
||
|
|
labels:
|
||
|
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||
|
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||
|
|
rules:
|
||
|
|
- apiGroups: [""]
|
||
|
|
resources: ["*"]
|
||
|
|
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||
|
|
---
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
# This role binding allows "jane" to read pods in the "default" namespace.
|
||
|
|
# You need to already have a Role named "pod-reader" in that namespace.
|
||
|
|
kind: RoleBinding
|
||
|
|
metadata:
|
||
|
|
name: admin-rolebinding
|
||
|
|
namespace: labeds
|
||
|
|
subjects:
|
||
|
|
# You can specify more than one "subject"
|
||
|
|
- kind: ServiceAccount
|
||
|
|
name: default # "name" is case sensitive
|
||
|
|
namespace: labeds
|
||
|
|
roleRef:
|
||
|
|
# "roleRef" specifies the binding to a Role / ClusterRole
|
||
|
|
kind: Role #this must be Role or ClusterRole
|
||
|
|
name: labeds-admin # this must match the name of the Role or ClusterRole you wish to bind to
|
||
|
|
apiGroup: rbac.authorization.k8s.io
|