Create a service account named seminar-sa in the namespace seminar.
Create a new role named k8s-seminar in the namespace seminar that allows only the create and update operations, and only on resources of type pods and deployments.
Create a new rolebinding named k8s-seminar-bind that binds the newly created role to the previously created service account, seminar-sa.
# Create the namespace that scopes every object in this exercise.
kubectl create namespace seminar
# Create the service account that the RoleBinding names as its subject.
kubectl create serviceaccount seminar-sa --namespace seminar
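---
# Namespaced Role: allows only the create and update verbs on pods and
# deployments inside the "seminar" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: seminar
  name: k8s-seminar
rules:
  # Pods are served by the core API group, which RBAC writes as "".
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "update"]
  # Deployments are served by the "apps" group. A rule scoped only to ""
  # never matches them, so they need their own rule to be granted at all.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "update"]
# NOTE(review): "update" does not include "patch"; requests sent as PATCH
# (for example `kubectl patch`) are denied under this Role.
# NOTE(review): create on pods/deployments lets the subject run workloads
# that can mount any Secret or ConfigMap and use any ServiceAccount in this
# namespace. Treat the grant as namespace-wide access and pair it with Pod
# Security admission or an equivalent policy.
# Check the effective permissions with:
#   kubectl auth can-i create deployments -n seminar \
#     --as=system:serviceaccount:seminar:seminar-sa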
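---
# RoleBinding: grants the permissions of Role "k8s-seminar" to the
# service account "seminar-sa", limited to the "seminar" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  # The task statement asks for the name k8s-seminar-bind.
  name: k8s-seminar-bind
  namespace: seminar
subjects:
  # A bare `subjects:` key parses as null and binds the Role to nobody.
  # ServiceAccount subjects belong to the core group, so no apiGroup is set;
  # the namespace is required because service accounts are namespaced.
  - kind: ServiceAccount
    name: seminar-sa
    namespace: seminar
roleRef:
  # roleRef is immutable: pointing the binding at a different Role means
  # deleting and recreating the RoleBinding.
  kind: Role
  name: k8s-seminar
  apiGroup: rbac.authorization.k8s.io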