Last updated
kubectl get rolebinding -n monitoring -o yaml | grep -i service-account-web -C 6
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: web-role
subjects:
- kind: ServiceAccount
name: service-account-web
namespace: monitoring
kind: List
metadata:
resourceVersion: ""kubectl edit role web-role -n monitoring
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: "2024-07-30T14:18:32Z"
name: web-role
namespace: monitoring
resourceVersion: "270816"
uid: 012f6805-d8c7-458e-8657-4ab727504a0b
rules:
- apiGroups:
- "" # 根据 kubectl api-resources 查看所操作资源具体属于哪个 API 组
resources:
- pods
verbs:
- get
# - watch # 删除此项
# - list # 删除此项# vim role-2.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: monitoring
name: role-2
rules:
- apiGroups: ["apps"] # "" 标明 core API 组
resources: ["statefulsets"]
verbs: ["update"]
kubectl create -f role-2.yaml
# kubectl create role role-2 --verb=update --resource=statefulsets -n monitoringkubectl create rolebinding role-2-binding \
--role=role-2 \
--serviceaccount=monitoring:service-account-web \
-n monitoring