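# Lesson 30 - Permissions with bindings
# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding
#
# These notes hold five manifest files plus the kubectl commands used with them.
# Shell commands are kept as comments; each manifest starts with `---`, so the
# notes as a whole parse as one multi-document YAML stream.
#
# The Roles and ClusterRoles named in every roleRef below are not defined on this
# page. A binding only attaches subjects to a role, so the effective permissions
# are whatever rules that role carries.
# roleRef cannot be edited after creation: changing it means deleting and
# recreating the binding.

# vim developerrolebinding.yaml
# developerrolebinding.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer
  namespace: projeto1
subjects:
  # Kubernetes has no Group object: the name `devs` is matched against the group
  # names the authenticator reports for a request (for example from a client
  # certificate or an OIDC claim). Whoever can issue credentials carrying that
  # group gets this binding's permissions.
  - kind: Group
    name: devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  # kind: Role is looked up in the binding's own namespace (projeto1).
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io

# kubectl apply -f developerrolebinding.yaml
# kubectl get RoleBinding --namespace=projeto1
# kubectl describe RoleBinding developer --namespace=projeto1

# vim readonlyRoleBinding.yaml
# readonlyRoleBinding.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: business-intelligence
  namespace: projeto1
subjects:
  - kind: Group
    name: bi
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: readonly
  apiGroup: rbac.authorization.k8s.io

# kubectl apply -f readonlyRoleBinding.yaml
# kubectl describe RoleBinding business-intelligence --namespace=projeto1

# vim developer-adminRoleBinding.yaml
# developer-adminRoleBinding.yaml
# One file, two documents: the same user gets the developer-admin Role in
# projeto1 and in projeto2. Each RoleBinding resolves its Role in its own
# namespace, so a Role named developer-admin has to exist in both.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer-admin
  namespace: projeto1
subjects:
  # Like groups, user names are plain strings supplied by the authenticator;
  # there is no User object in the API to check them against.
  - kind: User
    name: vitor
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer-admin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer-admin
  namespace: projeto2
subjects:
  - kind: User
    name: vitor
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer-admin
  apiGroup: rbac.authorization.k8s.io

# kubectl apply -f developer-adminRoleBinding.yaml
# kubectl get RoleBinding developer-admin --namespace=projeto1
# kubectl get RoleBinding developer-admin --namespace=projeto2

# vim readonlyClusterRoleBinding.yaml
# readonlyClusterRoleBinding.yaml
# A ClusterRoleBinding has no namespace: the grant covers every namespace and
# cluster-scoped resources as well. NOTE(review): confirm which resources the
# `readonly` ClusterRole lists; read access to Secrets across all namespaces is
# far more than "read only" suggests. When read access is needed in a single
# namespace, a RoleBinding may reference a ClusterRole and stays scoped to that
# namespace.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: readonly
subjects:
  - kind: User
    name: vitor
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: readonly
  apiGroup: rbac.authorization.k8s.io

# kubectl apply -f readonlyClusterRoleBinding.yaml
# kubectl get ClusterRoleBinding readonly

# vim cluster-operatorClusterRoleBinding.yaml
# cluster-operatorClusterRoleBinding.yaml
# Cluster-wide grant to a single named user; the rules of the `cluster-operator`
# ClusterRole are not shown here, so review them before applying this binding.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-operator
subjects:
  - kind: User
    name: joao
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-operator
  apiGroup: rbac.authorization.k8s.io

# kubectl apply -f cluster-operatorClusterRoleBinding.yaml
# kubectl get ClusterRoleBinding cluster-operator

# List every binding in the cluster. The custom-columns value is kept on one
# line: inside single quotes the shell does not treat backslash-newline as a
# line continuation, so splitting it would put a literal backslash and newline
# into the column spec.
# kubectl get rolebindings,clusterrolebindings \
#   --all-namespaces \
#   -o custom-columns='KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind=="ServiceAccount")].name'
#
# The SERVICE_ACCOUNTS column filters on ServiceAccount subjects only, so the
# User and Group subjects bound above (devs, bi, vitor, joao) show up as <none>.
# To review those as well:
# kubectl get rolebindings,clusterrolebindings --all-namespaces -o wide
#
# To check what a subject can actually do once the bindings are applied
# (`placeholder-user` is a made-up name; --as-group needs --as to be set, and
# `list pods` is only an example check):
# kubectl auth can-i --list --namespace=projeto1 --as=vitor
# kubectl auth can-i list pods --namespace=projeto1 --as=placeholder-user --as-group=devs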