简体繁体 English

Kubernetes RBAC 集减法 / cluster-admin 没有能力

[英]Kubernetes RBAC set subtraction / cluster-admin without capabilities

原文 2022-07-17 11:56:16 4 1 kubernetes/ openshift/ rbac

Is it possible to create a Kubernetes cluster admin without the ability to modify/read certain namespace and its content?是否可以创建一个 Kubernetes 集群管理员而不能修改/读取某些命名空间及其内容？

I am talking about subtracting certain permissions from existing role.我说的是从现有角色中减去某些权限。

thanks.谢谢。

1 个解决方案

To get the behavior you want you would need a set subtraction of cluster-admin role minus the rules that you have defined.要获得您想要的行为，您需要一组减去集群管理员角色减去您定义的规则。 It's not supported in K8s as of this writing.在撰写本文时，K8s 不支持它。

If you need a custom role which has less permissions than a predefined role, it would be more clear to list those permissions rather than to list the inverse of those permissions.如果您需要一个权限少于预定义角色的自定义角色，那么列出这些权限而不是列出这些权限的倒数会更清楚。

Kubernetes RBAC cluster-admin 无密读权限 - Kubernetes RBAC cluster-admin without secret reading permission

Kubernetes 1.6+ RBAC：通过kubectl以角色cluster-admin的身份访问 - Kubernetes 1.6+ RBAC: Gain access as role cluster-admin via kubectl

cluster-admin 和 admin Kubernetes ClusterRoles 的区别 - Difference between cluster-admin and admin Kubernetes ClusterRoles

可以在没有集群管理员角色的情况下使用 argo 吗？ - Can argo be used without cluster-admin role?

删除开源 Kubernetes v1.14 上的 cluster-admin ClusterRoleBinding 是否安全？ - Is it safe to delete the cluster-admin ClusterRoleBinding on open-source Kubernetes v1.14?

kube 系统中的集群管理员角色 - Cluster-admin role in kube system

意外覆盖了默认的集群管理员角色 - Accidentally overwrote the default cluster-admin role

如何在 kubectl 命令中仅过滤集群管理员角色 - How to filter only cluster-admin roles in kubectl command

群集管理员的GKE clusterrolebinding失败，出现权限错误 - GKE clusterrolebinding for cluster-admin fails with permission error

使用 cluster-admin 角色创建新的 CRD 资源 - Creating new CRD resource with cluster-admin role

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Kubernetes RBAC cluster-admin 无密读权限 - Kubernetes RBAC cluster-admin without secret reading permission Kubernetes 1.6+ RBAC：通过kubectl以角色cluster-admin的身份访问 - Kubernetes 1.6+ RBAC: Gain access as role cluster-admin via kubectl cluster-admin 和 admin Kubernetes ClusterRoles 的区别 - Difference between cluster-admin and admin Kubernetes ClusterRoles 可以在没有集群管理员角色的情况下使用 argo 吗？ - Can argo be used without cluster-admin role? 删除开源 Kubernetes v1.14 上的 cluster-admin ClusterRoleBinding 是否安全？ - Is it safe to delete the cluster-admin ClusterRoleBinding on open-source Kubernetes v1.14? kube 系统中的集群管理员角色 - Cluster-admin role in kube system 意外覆盖了默认的集群管理员角色 - Accidentally overwrote the default cluster-admin role 如何在 kubectl 命令中仅过滤集群管理员角色 - How to filter only cluster-admin roles in kubectl command 群集管理员的GKE clusterrolebinding失败，出现权限错误 - GKE clusterrolebinding for cluster-admin fails with permission error 使用 cluster-admin 角色创建新的 CRD 资源 - Creating new CRD resource with cluster-admin role

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM