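# Lesson 28 - Roles
# Reference: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
#
# Lines beginning "# kubectl" or "# vim" are the shell commands of the lesson,
# kept here as YAML comments. The manifests of the three files are separated
# with "---" so the whole page parses as one multi-document stream.
#
# A Role only describes permissions inside a single namespace. It grants
# nothing until a RoleBinding in that namespace attaches it to a user, group
# or ServiceAccount; no RoleBinding is shown in this lesson.

# vim developer.yaml
# developer.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: projeto1
rules:
  # "" is the core API group (pods, services, configmaps, secrets, ...).
  # resources ["*"] matches every resource and subresource in the listed
  # groups, so this role can read Secrets in projeto1. Outside a lab, list the
  # resources explicitly (for example pods, deployments, services).
  # "delete" and "patch" are not granted.
  - apiGroups: ["", "autoscaling", "apps", "networking.k8s.io"]
    resources: ["*"]
    verbs: ["get", "list", "create", "watch", "update"]

# kubectl create namespace projeto1
# kubectl apply -f developer.yaml
# kubectl get roles --namespace=projeto1
# kubectl describe role developer --namespace=projeto1
#
# API groups reference:
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#-strong-api-groups-strong-
# kubectl api-resources -o wide

# vim developer-readonly.yaml
# developer-readonly.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-readonly
  namespace: projeto1
rules:
  # Read-only is not the same as harmless: get/list on every resource in every
  # group includes Secrets, and the wildcards also cover any resource type
  # (including CRDs) added to the cluster later. Exclude Secrets by listing
  # the readable resources explicitly when this is used beyond a lab.
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["get", "list"]

# kubectl apply -f developer-readonly.yaml
# kubectl get roles --namespace=projeto1

# vim developer-admin.yaml
# developer-admin.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-admin
  namespace: projeto1
rules:
  # Full control of the namespace. The wildcard verb also covers "escalate"
  # and "bind" on roles and rolebindings, so a holder can change or hand out
  # permissions inside projeto1. Bind it only to subjects that are meant to
  # administer the namespace.
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-admin
  namespace: projeto2
rules:
  # Same full-control rule as above, scoped to projeto2. A Role never crosses
  # namespaces, which is why the definition is repeated per namespace.
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]

# kubectl create namespace projeto2
# kubectl apply -f developer-admin.yaml
# kubectl get roles --namespace=projeto1
# kubectl get roles --namespace=projeto2
# kubectl describe role developer-admin --namespace=projeto1
# kubectl describe role developer-admin --namespace=projeto2
#
# Once a role is bound, the effective permissions of a subject can be audited
# with (placeholder subject name):
# kubectl auth can-i --list --namespace=projeto1 --as=<subject>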