创建Role，Rolebinding, Service account 和Pod

创建Role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: myns
  name: myrole
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch","create","update", "delete"]

- apiGroups: [""] 
  resources: ["pods", "configmaps"]
  verbs: ["get", "list", "watch","create","update", "delete"]

创建Rolebinding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: myrolebinding
  namespace: myns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: myrole
subjects:
- kind: ServiceAccount
  name: mysa
  namespace: myns

创建Service Account

<