ClusterRole

Gregory Nickonov edited this page Apr 2, 2019 · 1 revision

Quick start

R.cluster_role :watcher do
  add_rule do
    api_groups '*'
    resources :configmaps, :secrets, :pods, :replicationcontrollers
    verbs :get, :list
  end
end

Creates a ClusterRole and adds a rule granting the get and list verbs on the specified resources in all API groups.
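A review check for the quick-start rule seen from the Kubernetes side, as an added example that is not Sunstone code. It assumes the DSL renders to the manifest embedded below (constructed here with the Kubernetes property names from the PolicyRule table); `audit_rule`, `audit_cluster_role` and `verbs_for` are hypothetical helper names. Treating any `resourceNames` entry as narrowing is a simplification.

```ruby
require 'yaml'

# Constructed manifest: what the quick-start rule is assumed to render to.
MANIFEST = <<~YAML
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: watcher
  rules:
    - apiGroups: ['*']
      resources: [configmaps, secrets, pods, replicationcontrollers]
      verbs: [get, list]
YAML

READ_VERBS = %w[get list watch *].freeze

# Returns an array of finding strings for one PolicyRule hash.
def audit_rule(rule, index)
  groups    = Array(rule['apiGroups'])
  resources = Array(rule['resources'])
  verbs     = Array(rule['verbs'])
  names     = Array(rule['resourceNames'])
  findings  = []

  findings << "rule #{index}: apiGroups contains '*'" if groups.include?('*')
  findings << "rule #{index}: resources contains '*'" if resources.include?('*')
  findings << "rule #{index}: verbs contains '*'" if verbs.include?('*')

  # get/list on secrets returns the secret values, cluster-wide for a ClusterRole.
  reads_secrets = (resources & %w[secrets *]).any? && (verbs & READ_VERBS).any?
  if reads_secrets && names.empty?
    findings << "rule #{index}: read access to all secrets (no resourceNames)"
  end
  findings
end

# Audits every rule of a ClusterRole manifest given as YAML text.
def audit_cluster_role(yaml_text)
  role = YAML.safe_load(yaml_text)
  Array(role['rules']).each_with_index.flat_map { |rule, i| audit_rule(rule, i) }
end

# Verbs granted on a resource across all rules, e.g. to confirm 'watch' is absent.
def verbs_for(yaml_text, resource)
  YAML.safe_load(yaml_text)['rules']
      .select { |r| (Array(r['resources']) & [resource, '*']).any? }
      .flat_map { |r| Array(r['verbs']) }.uniq
end

puts audit_cluster_role(MANIFEST)
```

Splitting `secrets` into its own rule scoped with `resource_names`, and replacing `'*'` with the specific API groups needed, clears both findings.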

ClusterRole

Kubernetes Documentation

| Sunstone property | Kubernetes property | Type |
| --- | --- | --- |
| metadata | metadata | Kubernetes Object Metadata |
| aggregation_rule | aggregationRule | AggregationRule |
| rules | rules | Array of PolicyRule |

add_rule

Helper that creates the rule, optionally initializes it with the provided block and then returns it for future use:

add_rule do
  api_groups '*'
  resources :configmaps, :secrets
  verbs :get, :list
end

AggregationRule

Kubernetes Documentation

| Sunstone property | Kubernetes property | Type |
| --- | --- | --- |
| cluster_role_selectors | clusterRoleSelectors | Array of LabelSelector |

PolicyRule

Kubernetes Documentation

| Sunstone property | Kubernetes property | Type |
| --- | --- | --- |
| api_groups | apiGroups | Array of String |
| non_resource_urls | nonResourceURLs | Array of String |
| resource_names | resourceNames | Array of String |
| resources | resources | Array of String |
| verbs | verbs | Array of String |

api_groups

If used without arguments, the api_groups and api_group helpers return the current list of API groups set for the rule. Passing arguments appends them to the existing list of API groups:

api_groups :apps, :extensions
api_group '*'

non_resource_urls

If used without arguments, the non_resource_urls and non_resource_url helpers return the current list of non-resource URLs set for the rule. Passing arguments appends them to the existing list of non-resource URLs:

non_resource_urls '/api', '/metrics'
non_resource_url '/api'

resource_names

If used without arguments, the resource_names and resource_name helpers return the current list of resource names set for the rule. Passing arguments appends them to the existing list of resource names:

resource_names :configmaps, :secrets
resource_name :pods

resources

If used without arguments, the resources and resource helpers return the current list of resources set for the rule. Passing arguments appends them to the existing list of resources:

resources :configmaps, :secrets
resource :pods

verbs

If used without arguments, the verbs and verb helpers return the current list of verbs set for the rule. Passing arguments appends them to the existing list of verbs:

verbs :get, :list
verb :get