We have an Azure-Kubernetes and use a Helm chart to manage a list of deployments.
I would like to somehow block manual removal of the deployments. Deletion of the pods is fine; it is actually wanted, to be able to "restart" the services inside to clean up the cache and so on.
I'm sorry for the short question; I have been searching for a while but so far have found nothing promising.
You can configure RBAC in the K8s cluster.
Role for the deployment manager

    kind: Role
    # rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: deployment-manager
    rules:
    - apiGroups: ["*"]
      resources: ["deployments", "replicasets", "pods"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Role for developer

    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: developer
    rules:
    # Pods only: no rule grants any verb on deployments
    - apiGroups: ["", "extensions", "apps"]
      resources: ["pods"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Role binding deployment manager

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: deployment-manager-binding
    subjects:
    - kind: User
      name: admin
      # User subjects and roleRef belong to the RBAC API group
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: Role
      name: deployment-manager
      apiGroup: rbac.authorization.k8s.io

Role binding developer

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: developer-manager-binding
    subjects:
    - kind: User
      name: dev
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: Role
      name: developer
      apiGroup: rbac.authorization.k8s.io
You can create two new K8s contexts and use them to check:

    kubectl --context=dev-context get pods

You can read more at: https://docs.bitnami.com/tutorials/configure-rbac-in-your-kubernetes-cluster/
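The effect of the two roles in the answer above can be checked offline with a small model of RBAC rule matching. This is an added example, not part of the original answer: the rule contents are copied from the answer, while the `ROLES`/`BINDINGS` dictionaries and the `can_i` function are hypothetical names, and the matcher only models exact entries and the `*` wildcard.

```python
# Added example: offline model of how Kubernetes RBAC matches a request
# against Role rules. Rule contents come from the answer above; the
# dictionaries and function names are assumptions for illustration.
ALL_VERBS = ["get", "list", "watch", "create", "update", "patch", "delete"]

ROLES = {
    "deployment-manager": [
        {"apiGroups": ["*"],
         "resources": ["deployments", "replicasets", "pods"],
         "verbs": ALL_VERBS},
    ],
    "developer": [
        {"apiGroups": ["", "extensions", "apps"],
         "resources": ["pods"],
         "verbs": ALL_VERBS},
    ],
}

# user -> bound role names, mirroring the two RoleBindings
BINDINGS = {"admin": ["deployment-manager"], "dev": ["developer"]}


def _matches(allowed, value):
    """A rule field matches on an exact entry or on the "*" wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule, verb, api_group, resource):
    """All three fields of a rule must match the request."""
    return (_matches(rule["verbs"], verb)
            and _matches(rule["apiGroups"], api_group)
            and _matches(rule["resources"], resource))


def can_i(user, verb, api_group, resource):
    """RBAC is additive and deny-by-default: any matching rule allows."""
    return any(rule_allows(rule, verb, api_group, resource)
               for role in BINDINGS.get(user, [])
               for rule in ROLES[role])


if __name__ == "__main__":
    checks = [
        ("dev", "delete", "", "pods"),            # pods are in the core group ""
        ("dev", "delete", "apps", "deployments"),
        ("dev", "patch", "apps", "deployments"),  # what `kubectl rollout restart` needs
        ("admin", "delete", "apps", "deployments"),
    ]
    for user, verb, group, res in checks:
        verdict = "yes" if can_i(user, verb, group, res) else "no"
        print(f"{user}: {verb} {group or 'core'}/{res} -> {verdict}")
```

On a live cluster, `kubectl auth can-i delete deployments --as dev` asks the API server the same question for the bound user in the current namespace.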