2.4.6.3. Role policy sample


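Apply a role policy to set rules and permissions for specific roles in your cluster. For more information on roles, see Role-based access control. Your role policy might resemble the following YAML file: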

   apiVersion: policy.open-cluster-management.io/v1
   kind: Policy
   metadata:
     name: policy-role
     namespace: open-cluster-management
   spec:
     complianceType: musthave
     remediationAction: inform
     namespaces:
       exclude: ["kube-*"]
       include: ["default"]
     role-templates:
       - apiVersion: open-cluster-management.io/v1/v1alpha1 # role must follow defined permissions
         metadata:
           namespace: "" # will be inferred
           name: operator-role-policy
         selector:
           matchLabels:
             dev: "true"
         complianceType: musthave # at this level, the role must exist and must have the following rules
         rules:
           - complianceType: musthave # at this level, if the role exists, the rule is a musthave
             policyRule:
               apiGroups: ["extensions", "apps"]
               resources: ["deployments"]
               verbs: ["get", "list", "watch", "create", "delete", "patch"]
           - complianceType: "mustnothave" # at this level, if the role exists, the rule is a mustnothave
             policyRule:
               apiGroups: ["core"]
               resources: ["secrets"]
               verbs: ["get", "list", "watch", "delete", "create", "update", "patch"]
         ...

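For more information, see Managing role policies. To view other configuration policies that are monitored by the controller, see the Kubernetes configuration policy controller page. To learn more about Red Hat Advanced Cluster Management for Kubernetes RBAC, see Role-based access control.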
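
The following Python example is added here for illustration; it is not Red Hat's code and not the policy controller's implementation. It models the `musthave` / `mustnothave` rule semantics stated in the comments of the sample policy, assuming glob matching for `include`/`exclude` and that `*` in a Role rule matches any value. The function names and the two sample Roles are constructed for this example.

```python
from fnmatch import fnmatch
from itertools import product

# Values copied from the sample policy above.
INCLUDE, EXCLUDE = ["default"], ["kube-*"]
TEMPLATE_RULES = [
    ("musthave", {"apiGroups": ["extensions", "apps"], "resources": ["deployments"],
                  "verbs": ["get", "list", "watch", "create", "delete", "patch"]}),
    ("mustnothave", {"apiGroups": ["core"], "resources": ["secrets"],
                     "verbs": ["get", "list", "watch", "delete", "create", "update", "patch"]}),
]

def namespace_selected(ns):
    """Assumed semantics: checked if the name matches include and does not match exclude."""
    return any(fnmatch(ns, p) for p in INCLUDE) and not any(fnmatch(ns, p) for p in EXCLUDE)

def grants(role_rules, group, resource, verb):
    """True if any Role rule allows the triple; '*' in a Role rule matches anything.
    Group names are compared as literal strings, exactly as written in the sample."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return any(hit(r["apiGroups"], group) and hit(r["resources"], resource)
               and hit(r["verbs"], verb) for r in role_rules)

def violations(role_rules):
    """Return (complianceType, group, resource, verb) for each triple that breaks the template."""
    found = []
    for ctype, pr in TEMPLATE_RULES:
        for triple in product(pr["apiGroups"], pr["resources"], pr["verbs"]):
            allowed = grants(role_rules, *triple)
            # musthave: the triple must be granted; mustnothave: it must not be.
            if (ctype == "musthave") != allowed:
                found.append((ctype, *triple))
    return found

# Constructed sample Roles (not from the page).
GOOD_ROLE = [{"apiGroups": ["extensions", "apps"], "resources": ["deployments"],
              "verbs": ["get", "list", "watch", "create", "delete", "patch"]}]
# A resource wildcard silently covers secrets, which the mustnothave rule forbids.
WILDCARD_ROLE = GOOD_ROLE + [{"apiGroups": ["core"], "resources": ["*"], "verbs": ["get"]}]

if __name__ == "__main__":
    for name, role in (("good", GOOD_ROLE), ("wildcard", WILDCARD_ROLE)):
        print(name, violations(role) or "compliant")
```

The wildcard Role is the case worth reviewing by hand: it never names `secrets`, yet it still grants `get` on them.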


© 2024 Red Hat, Inc.