-
Notifications
You must be signed in to change notification settings - Fork 519
/
Copy pathrbac.yaml
42 lines (42 loc) · 1.29 KB
/
rbac.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# This file is exclusively to be used when you are using Microsoft Entra ID direct assignment for Kubertnetes RBAC
# and NOT when you are using Azure RBAC as your Kubernetes RBAC backing store.
#
# Map k8s user facing namespace roles to Microsoft Entra groups: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
#apiVersion: rbac.authorization.k8s.io/v1
#kind: RoleBinding
#metadata:
# name: namespace-admin
# namespace: a0008
#roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: admin
#subjects:
# - kind: Group
# name: <replace-with-a-microsoft-entra-group-object-id-for-this-namespace-role-binding>
#---
#apiVersion: rbac.authorization.k8s.io/v1
#kind: RoleBinding
#metadata:
# name: namespace-editor
# namespace: a0008
#roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: edit
#subjects:
# - kind: Group
# name: <replace-with-a-microsoft-entra-group-object-id-for-this-namespace-role-binding>
#---
#apiVersion: rbac.authorization.k8s.io/v1
#kind: RoleBinding
#metadata:
# name: namespace-viewer
# namespace: a0008
#roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: view
#subjects:
# - kind: Group
# name: <replace-with-a-microsoft-entra-group-object-id-for-this-namespace-role-binding>