I am trying to create a Role and RoleBinding so I can use Helm. What are the equivelant kubectl commands to create the following resources? Using the command line makes dev-ops simpler in my scenario.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-manager-foo
namespace: foo
rules:
- apiGroups: ["", "batch", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-binding-foo
namespace: foo
subjects:
- kind: ServiceAccount
name: tiller-foo
namespace: foo
roleRef:
kind: Role
name: tiller-manager-foo
apiGroup: rbac.authorization.k8s.ioAccording to @nightfury1204 I can run the following to create the Role:
kubectl create role tiller-manager-foo --namespace foo --verb=* --resource=.,.apps,.batch, .extensions -n foo --dry-run -o yaml
This outputs:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: tiller-manager-foo
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'The namespace is missing and secondly, is this equivelant?
For Role:
kubectl create role tiller-manager-foo --verb=* --resource=*.batch,*.extensions,*.apps,*. -n foo
--resource=*support added on kubectl 1.12 version
For Rolebinding:
kubectl create rolebinding tiller-binding-foo --role=tiller-manager-foo --serviceaccount=foo:tiller-foo -n fookubectl apply -f can submit an arbitrary Kubernetes YAML file like what you have in the question.
I’d specifically suggest this here because you can commit these YAML files to source control, and if you’re using Helm anyways then this is far from the only Kubernetes YAML file you have. That gives you a consistent path even to bootstrap your Helm setup.