Kubernetes v1 Authorization resources, primarily using Role-Based Access Control (RBAC), are components that regulate access to the Kubernetes API and cluster resources through the rbac.authorization.k8s.io API group. These resources include Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings, which work together to define and enforce fine-grained access policies for users, groups, and service accounts within a Kubernetes cluster.
The ClusterRole template is designed to provide flexibility in creating Kubernetes ClusterRole resources. It uses a combination of facets and variables to allow for different configurations.
Variables
The template uses variables to allow for dynamic content:
__CR_ID__: This is a global variable that represents the identifier for the ClusterRole. It's used to access specific fields in a collection of multiple clusterrole values. You can see real examples in Cert Manager; to learn more about global variables, check Core Concepts.
Collection Breakdown
- Base
{
"kind": "ClusterRole",
"facets": ["master"],
"metadata": "{{ __CR_ID__.metadata }}",
"apiVersion": "rbac.authorization.k8s.io/v1"
}
- This section is always included (due to the master facet).
- It sets the kind and apiVersion.
- The metadata is populated from the request values.
- Rules
{
"rules": "{{ __CR_ID__.rules }}",
"facets": ["addon:rules"]
}
- This section is optional and included when the addon:rules facet is specified.
- It populates the rules field from the request values.
- AggregationRule
{
"facets": ["addon:aggregationrule"],
"aggregationRule": "{{ __CR_ID__.aggregationRule }}"
}
- This section is optional and included when the addon:aggregationrule facet is specified.
- It populates the aggregationRule field from the request values.
Design Decisions
Separation of Concerns: By using different facets for rules and aggregationRule, the template allows for creating ClusterRoles with either or both of these sections.
Flexibility: The use of variables (like __CR_ID__) allows for dynamic content population, making the template reusable for different ClusterRole configurations.
Base: The master facet ensures that the core ClusterRole fields are always included, maintaining the basic structure of the resource.
Optional Additions: The addon:rules and addon:aggregationrule facets allow for optional inclusion of these sections, catering to different use cases of ClusterRoles.
Examples
Check the Request Body tab section to play around with interactive examples.
Install Example
The Curl tab in the request section below provides the curl command for your resource.
curl -s -X POST "https://configfacets.com/apis/repos/kubernetes/authorization-resources/v1/resources/collections/clusterrole/exec?format=json" -d '{"facets":["addon:rules"],"values":{"labeled_cr":{"rules":[{"verbs":["get","list","watch"],"apiGroups":["custom.example.com"],"resources":["widgets"]}],"metadata":{"name":"custom-view","labels":{"rbac.authorization.k8s.io/aggregate-to-view":"true"}}}},"globalvars":{"__CR_ID__":"labeled_cr"}}' | kubectl apply -f -
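An added example, not Config Facets' own code: a Python model of the facet selection and __CR_ID__ substitution described above, applied to the request body from the curl command, followed by a review of the rendered ClusterRole before it reaches kubectl apply. The rendering semantics are an assumption inferred from this page, and render_clusterrole and review_findings are hypothetical names.

```python
import re
# From this page: the collection's three sections and the curl example's body.
COLLECTION = [
    {"kind": "ClusterRole", "facets": ["master"],
     "metadata": "{{ __CR_ID__.metadata }}",
     "apiVersion": "rbac.authorization.k8s.io/v1"},
    {"rules": "{{ __CR_ID__.rules }}", "facets": ["addon:rules"]},
    {"facets": ["addon:aggregationrule"],
     "aggregationRule": "{{ __CR_ID__.aggregationRule }}"},
]
REQUEST = {
    "facets": ["addon:rules"],
    "values": {"labeled_cr": {
        "rules": [{"verbs": ["get", "list", "watch"],
                   "apiGroups": ["custom.example.com"],
                   "resources": ["widgets"]}],
        "metadata": {"name": "custom-view", "labels": {
            "rbac.authorization.k8s.io/aggregate-to-view": "true"}}}},
    "globalvars": {"__CR_ID__": "labeled_cr"},
}
PLACEHOLDER = re.compile(r"^\{\{\s*(\w+)\.(\w+)\s*\}\}$")
AGG_PREFIX = "rbac.authorization.k8s.io/aggregate-to-"

def render_clusterrole(collection, request):
    """Assumed semantics: 'master' sections always apply, add-on sections only
    when their facet is requested; {{ VAR.field }} resolves via globalvars."""
    active = set(request["facets"]) | {"master"}
    out = {}
    for section in collection:
        if not active & set(section["facets"]):
            continue
        for key, val in section.items():
            m = PLACEHOLDER.match(val) if isinstance(val, str) else None
            if m:  # look up values[globalvars[VAR]][field]
                val = request["values"][request["globalvars"][m.group(1)]][m.group(2)]
            if key != "facets":
                out[key] = val
    return out

def review_findings(role):
    """Hypothetical pre-apply review: aggregation labels and broad rules."""
    findings = []
    for label, val in role.get("metadata", {}).get("labels", {}).items():
        if label.startswith(AGG_PREFIX) and val == "true":
            findings.append("aggregates into " + label[len(AGG_PREFIX):])
    for i, rule in enumerate(role.get("rules", [])):
        scope = rule.get("apiGroups", []) + rule.get("resources", [])
        if "*" in scope or {"*", "escalate", "bind"} & set(rule.get("verbs", [])):
            findings.append(f"rules[{i}]: wildcard or escalation verb")
    return findings
```

For the page's request the review reports the aggregate-to-view label: Kubernetes aggregates ClusterRoles carrying it into the built-in view role, so every subject bound to view gains get, list and watch on widgets.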