[英]RBAC kubectl add/patch to existing rolebinding
Update: The reason for patching it to add a role to the rolebinding更新:修补它以将角色添加到角色绑定的原因
Is it possible to add/patch to an existing cluster/rolebinding.是否可以添加/修补现有集群/角色绑定。
To save on obfuscation, I am thinking it would be nice to be able to add to an existing rolebinding.为了避免混淆,我认为能够添加到现有的角色绑定中会很好。
Adding/patch to a role - I see as aa no go, but for rolebinding - yes please :-)添加/修补角色 - 我认为不可行,但对于角色绑定 - 是的,请:-)
Tried this but no success - so if possible, how to?试过这个但没有成功 - 所以如果可能的话,怎么做?
subjects:
- kind: ServiceAccount
name: test-service-account # Name is case sensitive
apiGroup: ""
namespace: default
# core/v1 .. rbac.authorization.k8s.io
roleRef:
kind: Role #this must be Role or ClusterRole
name: pod-reader-2add # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
And patched:并修补:
kubectl patch rolebinding read-pods --patch "$(cat rolebinding2patch.yaml)"
The RoleBinding "read-pods" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"Role", Name:"pod-reader-2add"}: cannot change roleRef
roleRef in role binding is immutable by design.角色绑定中的 roleRef 在设计上是不可变的。 Hence you can not change it.
因此你不能改变它。
Here is the validation code:这是验证代码:
func ValidateRoleBindingUpdate(roleBinding *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList {
allErrs := ValidateRoleBinding(roleBinding)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...)
if oldRoleBinding.RoleRef != roleBinding.RoleRef {
allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef"), roleBinding.RoleRef, "cannot change roleRef"))
}
return allErrs
}
You can patch rolebindings.您可以修补角色绑定。
$ cat patch.yaml
subjects:
- kind: ServiceAccount
name: my-new-service-account
namespace: default
$ kubectl patch rolebinding my-rolebinding --patch "$(cat patch.yaml)"
rolebinding.rbac.authorization.k8s.io/my-rolebinding patched
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.