Openshift custom resources restrictions

Time:09-17

I didn't get how I can restrict access to custom resources in OpenShift using RBAC.

Let's assume I have a custom API:

apiVersion: yyy.xxx.com/v1
kind: MyClass
metadata:
   ...

Is it possible to prevent some users from deploying resources where apiVersion=yyy.xxx.com/v1 and kind=MyClass?

Also, can I grant access to other users to deploy resources where apiVersion=yyy.xxx.com/v1 and kind=MyOtherClass?

If this can be done using RBAC roles, how can I deploy RBAC roles in OpenShift? Only using the CLI, or can I create some YAML configuration files and deploy them with YAML, for example?

CodePudding user response:

OpenShift/Kubernetes has Cluster Role/Binding and Local Role/Binding.

Here are the definitions in the docs. *1

Cluster role/binding: Roles and bindings that are applicable across all projects. Cluster roles exist cluster-wide, and cluster role bindings can reference only cluster roles.

Local role/binding: Roles and bindings that are scoped to a given project. While local roles exist only in a single project, local role bindings can reference both cluster and local roles.

If your Custom Resource is a resource existing in a single namespace, you can manage to give permission to others.

Whereas, if the Custom Resource is a cluster-wide resource, cluster admin can only deploy the resource.

*1: https://docs.openshift.com/container-platform/4.11/authentication/using-rbac.html
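
A local Role and RoleBinding for the case in the question, as an added example that is not part of the original answer. The namespace my-project, the user alice, the object names and the plural resource names myclasses/myotherclasses are assumptions (the real plural is whatever spec.names.plural says in each CustomResourceDefinition).

```yaml
# Added example, not from the original post.
# Assumed names: namespace "my-project", user "alice",
# CRD plurals "myclasses" and "myotherclasses".
#
# RBAC is additive: there are no deny rules. A user is kept away from
# MyClass by never being granted a rule that covers "myclasses".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: myotherclass-editor
  namespace: my-project
rules:
  - apiGroups: ["yyy.xxx.com"]       # API group only, without the /v1 version
    resources: ["myotherclasses"]    # "myclasses" is intentionally not listed
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: myotherclass-editor-alice
  namespace: my-project
subjects:
  - kind: User
    name: alice
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: myotherclass-editor
  apiGroup: rbac.authorization.k8s.io
```

Saved to a file, this can be deployed with `oc apply -f <file>`. The effective permissions, including anything inherited from other roles bound to the same user, can be checked with `oc auth can-i create myclasses.yyy.xxx.com --as=alice -n my-project`.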
