K
Q

Kubernetes [RBAC]: User with access to specific Pods

8/2/2018

I need to give access to a set of pods within a namespace to an external support. I've been reading about the RBAC API, [Cluster]Roles and [Cluster]Role Bindings; but I could not find anything about how to apply a role to a group of pods (based on annotations or labels). Does anyone know if it is possible to do that?

This is the Role that I use now, and need limit it to a specific pods set:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: <ClientX>-PodMonitor
  namespace: <namespace>
rules:
- apiGroups: [""]
  verbs: ["get", "list"]
  resources: ["pods", "pods/log"]

If you guys need more details, please let me know.

Thanks.

-- mvazquez
kubernetes
kubernetes-pod
kubernetes-security
rbac

Similar Questions

Jenkins Docker image building for Different Tenant from same code repository
passing in environment variables into docker running in kubernetes
How to ensure kubernetes cronjob does not restart on failure
Google Cloud Kubernetes cost when rescaled to 0 nodes

1 Answer

8/2/2018

Try below way of defining role-binding with resource name as example on docs:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
    namespace: default
    name: configmap-updater
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["my-configmap"]
  verbs: ["update", "get"]
-- Amit
Source: StackOverflow