tal

Reputation: 11

Kubernetes RBAC set subtraction / cluster-admin without capabilities

Is it possible to create a Kubernetes cluster admin without the ability to modify/read a certain namespace and its contents?

I am talking about subtracting certain permissions from an existing role.

Thanks.

Upvotes: 1

Views: 254

Answers (1)

Ramesh kollisetty

Reputation: 291

To get the behavior you want, you would need a set subtraction of the cluster-admin role minus the rules that you have defined. It's not supported in K8s as of this writing.

If you need a custom role which has fewer permissions than a predefined role, it would be clearer to list those permissions rather than to list the inverse of those permissions.

Upvotes: 1
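An added example, not part of the answer above and not from the Kubernetes project: because RBAC rules only add permissions, one way to approximate "admin everywhere except one namespace" is to list cluster-scoped permissions explicitly and bind the built-in `admin` ClusterRole with a RoleBinding in every namespace except the excluded one. The user name, namespace names, role name `limited-admin` and the chosen cluster-scoped rules are assumptions made for illustration.

```python
import json

API = "rbac.authorization.k8s.io"
# Cluster-scoped resources only, listed explicitly. Namespaced resources are
# kept out: a ClusterRoleBinding would grant them in every namespace,
# including the excluded one.
CLUSTER_RULES = [
    {"apiGroups": [""], "resources": ["nodes", "persistentvolumes"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
     "verbs": ["get", "list", "watch"]},
]

def binding(kind, name, role, subject, namespace=None):
    """Build a RoleBinding or ClusterRoleBinding that references a ClusterRole."""
    meta = {"name": name}
    if namespace:
        meta["namespace"] = namespace
    return {"apiVersion": API + "/v1", "kind": kind, "metadata": meta,
            "roleRef": {"apiGroup": API, "kind": "ClusterRole", "name": role},
            "subjects": [subject]}

def build_manifests(user, namespaces, excluded, name="limited-admin"):
    """Additive grants only: skip the excluded namespaces instead of denying."""
    subject = {"kind": "User", "name": user, "apiGroup": API}
    items = [
        {"apiVersion": API + "/v1", "kind": "ClusterRole",
         "metadata": {"name": name}, "rules": CLUSTER_RULES},
        binding("ClusterRoleBinding", name, name, subject),
    ]
    # Built-in "admin" ClusterRole, scoped to one namespace per RoleBinding.
    for ns in sorted(set(namespaces) - set(excluded)):
        items.append(binding("RoleBinding", name, "admin", subject, ns))
    return {"apiVersion": "v1", "kind": "List", "items": items}

def bound_namespaces(manifest):
    """Namespaces in which the manifest grants namespaced access."""
    return [i["metadata"]["namespace"] for i in manifest["items"]
            if i["kind"] == "RoleBinding"]

if __name__ == "__main__":
    # Constructed sample input: hypothetical user and namespace names.
    sample = build_manifests("alice", ["dev", "staging", "payments"],
                             excluded=["payments"])
    print(json.dumps(sample, indent=2))
```

The JSON output can be piped to `kubectl apply -f -`. Namespaces created later get no binding until the manifests are regenerated, and the subject must not also hold `cluster-admin` through another binding.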
