2.4.7. 角色绑定策略
Kubernetes 配置策略控制器负责监控角色绑定策略的状态。应用角色绑定策略,将策略绑定到受管集群中的命名空间。在以下部分了解更多有关命名空间策略结构的详细信息。
2.4.7.1. 角色绑定策略 YAML 结构
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
name:
namespace:
spec:
complianceType:
remediationAction:
namespaces:
exclude:
include:
object-templates:
- complianceType:
objectDefinition:
kind: RoleBinding # role binding must exist
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: operate-pods-rolebinding
subjects:
- kind: User
name: admin # Name is case sensitive
apiGroup:
roleRef:
kind: Role #this must be Role or ClusterRole
name: operator # this must match the name of the Role or ClusterRole you wish to bind to
apiGroup: rbac.authorization.k8s.io
...