2.3.3.3. IAM 策略示例

apiVersion: policy.open-cluster-management.io/v1
kind: IamPolicy # limit clusteradminrole and report violation
metadata:
  name: {{name}}-example
spec:
  severity: medium
  namespaceSelector:
    include: ["*"]
    exclude: ["kube-*", "openshift-*"]
  remediationAction: inform # will be overridden by remediationAction in parent policy
  maxClusterRoleBindingUsers: 5

了解如何管理 IAM 策略,请参阅管理 IAM 策略以了解更多详细信息。有关更多主题,请参阅策略控制器