我的书签
添加书签
移除书签ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
import "k8s.io/api/rbac/v1"
ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata ()
Standard object’s metadata.
aggregationRule (AggregationRule)
AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.
AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
aggregationRule.clusterRoleSelectors ([]LabelSelector)
ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole’s permissions will be added
rules ([]PolicyRule)
Rules holds all the PolicyRules for this ClusterRole
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
rules.apiGroups ([]string)
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. “” represents the core API group and “*“ represents all API groups.
rules.resources ([]string)
Resources is a list of resources this rule applies to. ‘*‘ represents all resources.
rules.verbs ([]string), required
Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. ‘*‘ represents all verbs.
rules.resourceNames ([]string)
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
rules.nonResourceURLs ([]string)
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as “pods” or “secrets”) or non-resource URL paths (such as “/api”), but not both.
ClusterRoleList is a collection of ClusterRoles
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleList
metadata (ListMeta)
Standard object’s metadata.
items ([]), required
Items is a list of ClusterRoles
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
Parameters
name (in path): string, required
name of the ClusterRole
pretty (in query): string
Response
200 (ClusterRole): OK
401: Unauthorized
list or watch objects of kind ClusterRole
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/clusterroles
Parameters
allowWatchBookmarks (in query): boolean
continue (in query): string
fieldSelector (in query): string
labelSelector (in query): string
limit (in query): integer
pretty (in query): string
resourceVersion (in query): string
resourceVersionMatch (in query): string
timeoutSeconds (in query): integer
watch (in query): boolean
Response
200 (ClusterRoleList): OK
401: Unauthorized
HTTP Request
POST /apis/rbac.authorization.k8s.io/v1/clusterroles
Parameters
body: ClusterRole, required
dryRun (in query): string
fieldManager (in query): string
pretty (in query): string
Response
200 (): OK
201 (ClusterRole): Created
202 (): Accepted
401: Unauthorized
update replace the specified ClusterRole
HTTP Request
PUT /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
Parameters
name (in path): string, required
name of the ClusterRole
body: , required
dryRun (in query): string
fieldManager (in query): string
fieldValidation (in query): string
pretty (in query): string
Response
200 (): OK
201 (ClusterRole): Created
401: Unauthorized
HTTP Request
PATCH /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
Parameters
name (in path): string, required
name of the ClusterRole
body: Patch, required
dryRun (in query): string
fieldManager (in query): string
force (in query): boolean
pretty (in query): string
Response
200 (): OK
201 (ClusterRole): Created
401: Unauthorized
delete delete a ClusterRole
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}
Parameters
name (in path): string, required
name of the ClusterRole
body: DeleteOptions
dryRun (in query): string
gracePeriodSeconds (in query): integer
pretty (in query): string
propagationPolicy (in query): string
Response
200 (Status): OK
202 (): Accepted
401: Unauthorized
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/clusterroles
Parameters
body:
continue (in query): string
dryRun (in query): string
fieldSelector (in query): string
gracePeriodSeconds (in query): integer
labelSelector (in query): string
limit (in query): integer
pretty (in query): string
propagationPolicy (in query): string
resourceVersion (in query): string
timeoutSeconds (in query): integer
Response
200 (): OK
401: Unauthorized
