Can you please give some examples of RBAC in a named API? I understand that for the core API group we need to leave apiGroups as apiGroups: [""]. For core API groups, can we have any other value inside apiGroups other than [""]? Also, in the case of a named API group, what value can we put inside apiGroups?
And how can we check which resources fall under the core API group and which resources fall under a named group?
For the apiGroups, you have the option to leave it as [""], and this will take all the apiGroups by default, but if you specify it, this will limit the selection of the apiGroups.
The following is an example. The first one uses [""], which means that the pods resources can be get, list and watch for all the apiGroups, and the deployments resources, for only the apiGroups extensions and apps, can be get, list, watch, create, update, patch and delete.
subjects:
- apiGroup: ""
  kind: User
  name: magalix
roleRef:
  apiGroup: ""
  kind: Role
  name: get-pods
To see the available resources for all apiGroups, you can use this command:
kubectl api-resources
From the output of this command, you can see the available apiGroups in "APIVERSION" and the available resources for each in "KIND".
Sorry for the late follow-up, as I was away for 2 months.
I didn't get the above output for kubectl api-resources. It says APIVERSION, not APIGROUP. So how do I know, while creating a role, whether a resource belongs to the core API group and can be left blank, or whether it belongs to the apps API group or the extensions API group?
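Added example, not part of the original posts: the APIVERSION column of kubectl api-resources is either a bare version (v1, the core group, written "" in a Role) or group/version (apps/v1, group apps). The script below derives the apiGroups value from that column; the function names api_group_of and role_rule are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Constructed sample of `kubectl api-resources` output (not from a real cluster).
SAMPLE_OUTPUT='NAME          SHORTNAMES   APIVERSION                     NAMESPACED   KIND
pods          po           v1                             true         Pod
configmaps    cm           v1                             true         ConfigMap
deployments   deploy       apps/v1                        true         Deployment
roles                      rbac.authorization.k8s.io/v1   true         Role
ingresses     ing          networking.k8s.io/v1           true         Ingress'

# api_group_of RESOURCE: read api-resources output on stdin and print the
# apiGroup of RESOURCE (empty line for the core group). Exits 1 if not found.
# SHORTNAMES can be empty, so columns are counted from the right:
# APIVERSION is always the third field from the end.
api_group_of() {
  awk -v res="$1" '
    NR > 1 && $1 == res {
      # "v1" has no slash: core group. "apps/v1": group is before the slash.
      n = split($(NF-2), parts, "/")
      group = ""
      if (n == 2) group = parts[1]
      print group
      found = 1
      exit
    }
    END { if (!found) exit 1 }'
}

# role_rule RESOURCE VERBS: print one Role rule for RESOURCE.
# VERBS is a comma-separated list such as "get, list, watch".
role_rule() {
  group=$(printf '%s\n' "$SAMPLE_OUTPUT" | api_group_of "$1") || {
    echo "unknown resource: $1" >&2
    return 1
  }
  printf -- '- apiGroups: ["%s"]\n  resources: ["%s"]\n  verbs: [%s]\n' \
    "$group" "$1" "$2"
}

# Rules for a Role that reads pods (core group) and manages deployments (apps).
echo "rules:"
role_rule pods "get, list, watch"
role_rule deployments "get, list, watch, create, update, patch, delete"
```

On a live cluster, pipe `kubectl api-resources` into `api_group_of` instead of the sample text.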