1 개요[ | ]
- kubectl describe clusterrole
- kubectl describe clusterroles
$ kubectl describe clusterroles | cat -n
1 Name: admin
2 Labels: kubernetes.io/bootstrapping=rbac-defaults
3 Annotations: rbac.authorization.kubernetes.io/autoupdate=true
4 PolicyRule:
5 Resources Non-Resource URLs Resource Names Verbs
6 --------- ----------------- -------------- -----
7 serviceaccounts [] [] [create delete deletecollection get list patch update watch impersonate]
8 configmaps [] [] [create delete deletecollection get list patch update watch]
9 endpoints [] [] [create delete deletecollection get list patch update watch]
10 persistentvolumeclaims [] [] [create delete deletecollection get list patch update watch]
... (생략)
953 },
954 "email-address": "support@we...
955 kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"rbac.authorization.k8s.io/v1beta1","kind":"ClusterRole","metadata":{"annotations":{"cloud.weave.works/launcher-info":"{\n \"original-re...
956 PolicyRule:
957 Resources Non-Resource URLs Resource Names Verbs
958 --------- ----------------- -------------- -----
959 namespaces [] [] [get list watch]
960 nodes [] [] [get list watch]
961 pods [] [] [get list watch]
962 networkpolicies.networking.k8s.io [] [] [get list watch]
$ kubectl describe clusterroles | grep -oP '\[[a-z\ ]+\]$' | sort | uniq
[approve]
[approve sign]
[create]
[create delete deletecollection get list patch update watch]
[create delete deletecollection patch update]
[create delete deletecollection patch update get list watch]
[create delete get]
[create delete get list]
[create delete get list patch update watch]
[create delete get list update]
[create delete get list update watch]
[create delete get list watch]
[create delete get patch update]
[create delete get update]
[create delete list patch watch]
[create get]
[create get delete deletecollection list update patch]
[create get delete list update patch]
[create get list patch update watch]
[create get list update]
[create get list update delete]
[create get list update watch]
[create get list watch]
[create get list watch patch update]
[create get list watch update]
[create get list watch update delete]
[create get list watch update delete patch]
[create get update]
[create patch]
[create patch update]
[create update]
[create update delete get list watch]
[create update get list watch]
[create update patch]
[delete]
[delete create]
[delete deletecollection get list]
[delete get list patch update]
[delete get list patch update watch]
[delete get list watch]
[delete get patch update]
[delete list]
[delete list watch]
[get]
[get create]
[get create update patch]
[get create update watch]
[get list]
[get list create update delete]
[get list create update delete watch]
[get list create update watch]
[get list delete]
[get list patch update watch]
[get list update]
[get list update delete patch]
[get list update watch]
[get list update watch patch]
[get list watch]
[get list watch create delete]
[get list watch create delete deletecollection patch update]
[get list watch create delete update]
[get list watch create delete update patch]
[get list watch create patch delete]
[get list watch create update]
[get list watch create update delete]
[get list watch create update delete patch]
[get list watch create update patch]
[get list watch delete]
[get list watch patch]
[get list watch patch update]
[get list watch proxy]
[get list watch update]
[get list watch update delete]
[get list watch update patch]
[get patch]
[get patch update]
[get update]
[get update list]
[get update patch]
[get update patch delete]
[get watch list]
[get watch list update delete]
[get watch list update patch create delete]
[impersonate create delete deletecollection patch update]
[impersonate create delete deletecollection patch update get list watch]
[list]
[list delete]
[list get]
[list get watch]
[list get watch update]
[list patch update watch]
[list watch]
[list watch create delete get patch update]
[list watch create update patch]
[list watch get]
[patch]
[patch update]
[sign]
[update]
[update create get delete watch]
[update patch]
[update patch get list watch]
[use]
[watch]
[watch create patch update]
[watch get list]
[watch get list delete create]
[watch get list delete create update]
[watch get list update patch]
[watch list]
[watch list get]
$ kubectl describe clusterroles | grep -oP '\[[a-z\ ]+\]$' | sort | uniq -c | sort -n
1 [create delete get list]
1 [create delete get list update watch]
1 [create get]
1 [create get list update]
1 [create get list update delete]
1 [create get list update watch]
1 [create get list watch patch update]
1 [create get list watch update]
1 [create get list watch update delete]
1 [create update]
1 [create update get list watch]
1 [create update patch]
1 [delete]
1 [delete create]
1 [delete deletecollection get list]
1 [delete get list patch update]
1 [delete get list patch update watch]
1 [delete get patch update]
1 [delete list watch]
1 [get create update patch]
1 [get create update watch]
1 [get list create update watch]
1 [get list update]
1 [get list watch create delete update patch]
1 [get list watch create update delete patch]
1 [get list watch delete]
1 [get list watch patch update]
1 [get list watch proxy]
1 [get patch]
1 [get patch update]
1 [get update list]
1 [get watch list update delete]
1 [impersonate create delete deletecollection patch update]
1 [list get]
1 [list get watch update]
1 [list patch update watch]
1 [list watch create delete get patch update]
1 [use]
1 [watch]
1 [watch get list delete create]
1 [watch get list delete create update]
1 [watch get list update patch]
2 [create delete get]
2 [create delete get patch update]
2 [create get delete deletecollection list update patch]
2 [create get list patch update watch]
2 [create get list watch update delete patch]
2 [create update delete get list watch]
2 [delete list]
2 [get create]
2 [get list create update delete]
2 [get list delete]
2 [get list update delete patch]
2 [get list watch create delete update]
2 [get list watch create patch delete]
2 [get list watch patch]
2 [get watch list update patch create delete]
2 [impersonate create delete deletecollection patch update get list watch]
2 [watch create patch update]
3 [create delete get list update]
3 [create delete get update]
3 [get list create update delete watch]
3 [get list watch update delete]
3 [get update patch]
3 [list delete]
3 [list get watch]
3 [update create get delete watch]
3 [watch list get]
4 [create delete list patch watch]
4 [create get list watch]
4 [delete get list watch]
4 [get list watch create update delete]
4 [list]
4 [patch]
4 [watch list]
5 [create delete get list patch update watch]
5 [create delete get list watch]
5 [create get delete list update patch]
5 [get list watch create update]
5 [get update]
5 [list watch get]
5 [sign]
6 [get list patch update watch]
6 [get list update watch patch]
6 [get list watch create delete]
6 [get list watch create update patch]
6 [get update patch delete]
6 [update patch get list watch]
7 [approve]
7 [create delete deletecollection get list patch update watch]
7 [create get update]
7 [get list watch update]
7 [list watch create update patch]
8 [approve sign]
9 [get list watch update patch]
9 [patch update]
10 [create patch]
11 [get list update watch]
11 [get watch list]
11 [update patch]
16 [watch get list]
18 [get list]
18 [get list watch create delete deletecollection patch update]
40 [create delete deletecollection patch update]
52 [update]
53 [get]
62 [create]
68 [create delete deletecollection patch update get list watch]
70 [create patch update]
107 [list watch]
406 [get list watch]
2 yaml & describe[ | ]
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: hello
rules:
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resourceNames: ["kube-scheduler"]
resources: ["leases"]
verbs: ["get", "update"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
$ kubectl describe clusterrole hello
Name: hello
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods/log [] [] [get list watch]
pods [] [] [get list watch]
leases.coordination.k8s.io [] [kube-scheduler] [get update]
[/metrics] [] [get]
3 같이 보기[ | ]
로그인하시면 댓글을 쓸 수 있습니다.
{{ comment.name }}
{{ comment.created | snstime }}
-
{{comment.page_title}} ―{{comment.name}}