Repositories
v1v

kubernetes/authorization-resources

v1
Published by: Kubernetes1Updated

Kubernetes v1 Authorization resources, primarily using Role-Based Access Control (RBAC), are components that regulate access to the Kubernetes API and cluster resources through the rbac.authorization.k8s.io API group. These resources include Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings, which work together to define and enforce fine-grained access policies for users, groups, and service accounts within a Kubernetes cluster

|

Authentication

Add API authentication details

HEADERS
X-APIKEY
string
Send X-APIKEY in Header

Readme

User instructions for this resource

The Role template is designed to define permissions within a specific namespace in a Kubernetes cluster. It uses a combination of facets and variables to allow for different configurations.

Variables

The template uses variables for dynamic content:

  • __R_ID__: This global variable represents the identifier for the Role, used to access specific fields in the request values. To know more about globalvariables, check Core Concepts

Collection Breakdown

  1. Base
{
    "kind": "Role",
    "facets": ["master"],
    "metadata": "{{ __R_ID__.metadata }}",
    "apiVersion": "rbac.authorization.k8s.io/v1"
}
  • This section is always included (due to the master facet).
  • It sets the kind and apiVersion.
  • The metadata is populated from the request values, including the namespace.
  1. Rules
{
    "rules": "{{ __R_ID__.rules }}",
    "facets": ["addon:rules"]
}
  • This section is optional and included when the addon:rules facet is specified.
  • It populates the rules field from the request values, defining the permissions granted by this Role.

Design Decisions

  1. Namespace Scope: Roles are namespace-scoped, allowing for fine-grained permission control within specific namespaces.

  2. Flexible Rule Definition: The addon:rules facet allows for optional inclusion of rules, enabling the creation of Roles with varying levels of permissions.

  3. Metadata Customization: The metadata field allows for custom labels and annotations, enhancing Role management and organization.

  4. Reusability: The use of variables allows for dynamic content population, making the template reusable for different Role configurations across namespaces.

Examples

Check Request Body tab section to play around with interactive examples.

Install(Example)

The Curl tab in the request section below provides the curl command for your resource.

curl -X POST "https://configfacets.com/apis/repos/kubernetes/authorization-resources/v1/resources/collections/role/exec?format=json" -H "X-CORRELATION-ID: 1fddb9a3-004b-eb85-6370-7471ee5304d9" -H "X-APIKEY: a64ea1713093e02315eed8517c2674d8" -d '{"facets":["addon:rules"],"values":{"basic_role":{"rules":[{"verbs":["get","list","watch"],"apiGroups":[""],"resources":["pods"]}],"metadata":{"name":"example-role","namespace":"default"}}},"globalvars":{"__R_ID__":"basic_role"}}' | kubectl apply -f -

Collection API

POST/apis/repos/kubernetes/authorization-resources/v1/resources/collections/role/exec
REQUEST
QUERY-STRING PARAMETERS
format
string
No sources available.
API Server https://configfacets.com
API Key
Not set
RESPONSES
No content available.