Skip to main content

Permit assignement for the api

The following describes the steps to be followed to create a user with enough permissions to obtain the monitoring data. 

  1. Create a read "Cluster role" called "api-read-only": Create a role that grants the "get", "list" and "watch" permissions of all Kubernetes resources. 
cat <<EOF | kubectl apply -f - 
apiVersion: rbac.authorization.k8s.io/v1 
kind: ClusterRole 
metadata: 
annotations: 
rbac.authorization.kubernetes.io/autoupdate: "true" 
labels: 
name: api-read-only 
rules: 
- apiGroups: 
- '*' 
resources: 
- '*' 
verbs: 
- get 
- list 
- watch 
- nonResourceURLs: 
- '*' 
verbs: 
- get 
- list 
- watch 
EOF


2. Create a "Cluster role binding" called "bind-api-read-only": The previously created role will be binded to an existing "service account." 

kubectl create clusterrolebinding bind-api-read-only \ 
--clusterrole=api-read-only \ 
--serviceaccount=namespace:user
Back to top