To create a pod-reader role, create a YAML file with the following content:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: your-namespace-name
name: pod-reader
rules:
- apiGroups: [""] # "" represents the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]Application role:
kubectl apply --f role.yamlTo create a global pod-reader ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind:ClusterRole
metadata: default
# "namespace" is omitted because ClusterRoles is not bound to a namespace
name: global-pod-reader
rules:
- apiGroups: [""] # "" represents the core API group
resources: ["pods"]
verbs: ["get", "watch", "list"]Application role:
kubectl apply --f clusterrole.yaml