![]() ![]() The resources have different names (RoleĪnd ClusterRole) because a Kubernetes object always has to be either namespaced or not namespaced ĬlusterRoles have several uses. ![]() When you create a Role, you have to specify the namespace it belongs in.ĬlusterRole, by contrast, is a non-namespaced resource. Permissions are purely additive (there are no “deny” rules).Ī Role always sets permissions within a particular namespace An abstraction used by Kubernetes to support multiple virtual clusters on the same physical cluster. Role and ClusterRoleĪn RBAC Role or ClusterRole contains rules that represent a set of permissions. To understand how those restrictions can prevent you making some changes. Privilege escalation prevention and bootstrapping Caution: These objects, by design, impose access restrictions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |