ClusterRole

ClusterRole

apiVersion: rbac.authorization.k8s.io/v1
import "k8s.io/api/rbac/v1"

ClusterRole

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

  • apiVersion: rbac.authorization.k8s.io/v1

  • kind: ClusterRole

  • metadata (ObjectMeta)
    Standard object’s metadata.

  • aggregationRule (AggregationRule)
    AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.
    AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole

    • aggregationRule.clusterRoleSelectors ([]LabelSelector)
      ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole’s permissions will be added
  • rules ([]PolicyRule)
    Rules holds all the PolicyRules for this ClusterRole
    PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

    • rules.apiGroups ([]string)
      APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
    • rules.resources ([]string)
      Resources is a list of resources this rule applies to. ResourceAll represents all resources.
    • rules.verbs ([]string), required
      Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
    • rules.resourceNames ([]string)
      ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
    • rules.nonResourceURLs ([]string)
      NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as “pods” or “secrets”) or non-resource URL paths (such as “/api”), but not both.

ClusterRoleList

ClusterRoleList is a collection of ClusterRoles

  • apiVersion: rbac.authorization.k8s.io/v1

  • kind: ClusterRoleList

  • metadata (ListMeta)
    Standard object’s metadata.

  • items ([]ClusterRole), required
    Items is a list of ClusterRoles

Operations

get read the specified ClusterRole

HTTP Request

GET /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Parameters
  • {name} (string), required
    name of the ClusterRole
  • ?pretty (string)
    pretty
Response

200 (ClusterRole): OK
401: Unauthorized

list list or watch objects of kind ClusterRole

HTTP Request

GET /apis/rbac.authorization.k8s.io/v1/clusterroles

Parameters
Response

200 (ClusterRoleList): OK
401: Unauthorized

create create a ClusterRole

HTTP Request

POST /apis/rbac.authorization.k8s.io/v1/clusterroles

Parameters
Response

200 (ClusterRole): OK
201 (ClusterRole): Created
202 (ClusterRole): Accepted
401: Unauthorized

update replace the specified ClusterRole

HTTP Request

PUT /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Parameters
Response

200 (ClusterRole): OK
201 (ClusterRole): Created
401: Unauthorized

patch partially update the specified ClusterRole

HTTP Request

PATCH /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Parameters
  • {name} (string), required
    name of the ClusterRole

  • body (Patch), required

  • ?dryRun (string)
    dryRun

  • ?fieldManager (string)
    fieldManager

  • ?force (boolean)
    force

  • ?pretty (string)
    pretty

Response

200 (ClusterRole): OK
401: Unauthorized

delete delete a ClusterRole

HTTP Request

DELETE /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Parameters
Response

200 (Status): OK
202 (Status): Accepted
401: Unauthorized

deletecollection delete collection of ClusterRole

HTTP Request

DELETE /apis/rbac.authorization.k8s.io/v1/clusterroles

Parameters
Response

200 (Status): OK
401: Unauthorized