Home > Mobile >  what is the importance of apigroups in kubernetes role definition
what is the importance of apigroups in kubernetes role definition

Time:12-12

Could some one please help me with this.. I would like to understand a bit about the apiGroups & its usage in below Role definition.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: example.com-superuser  
rules:
- apiGroups: ["example.com"]
  resources: ["*"]
  verbs: ["*"]

I was going through RBAC in Kubernetes. https://kubernetes.io/docs/reference/access-authn-authz/rbac/ Above example is from this link.

CodePudding user response:

An api group groups a set of resource types in a common namespace. For example, resource types related to Ingress services are grouped under the networking.k8s.io api group:

$ kubectl api-resources --api-group newtorking.k8s.io
NAME              SHORTNAMES   APIVERSION             NAMESPACED   KIND
ingressclasses                 networking.k8s.io/v1   false        IngressClass
ingresses         ing          networking.k8s.io/v1   true         Ingress
networkpolicies   netpol       networking.k8s.io/v1   true         NetworkPolicy

It is possible to have two different resource types that have the same short name in different resource groups. For example, in my OpenShift system there are two different groups that provide a Subscription resource type:

$ kubectl api-resources | awk '$NF == "Subscription" {print}'
subscriptions                         appsub                                 apps.open-cluster-management.io/v1                 true         Subscription
subscriptions                         sub,subs                               operators.coreos.com/v1alpha1                      true         Subscription

If I am creating a role, I need to specify to which Subscription I want to grant access. This:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: allow-config-access
rules:
- apiGroups:
    - operators.coreos.com
  resources:
    - subscriptions
  verbs: ["*"]

Provides access to different resources than this:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: allow-config-access
rules:
- apiGroups:
    - apps.open-cluster-management.io
  resources:
    - subscriptions
  verbs: ["*"]

CodePudding user response:

ApiGroups in Kubernetes are used to specify the set of resources that a Role or ClusterRole can access. In the example given, apiGroups is set to ["example.com"] which means the Role is allowed to access all resources from the “example.com” api. This allows admins to control access to different resources within the Kubernetes cluster.

Page link:https//www.codepudding.com/Mobile/639483.html

Prev:Rust: How to create a mutable reference to a struct's member from another member during Struct:
Next:Kubernetes database operator that automatically creates credentials
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding