2.4.7.3. Rolebinding 策略示例

rolebinding 策略可能类似以下 YAML 文件:

   apiVersion: policy.open-cluster-management.io/v1
   kind: Policy
   metadata:
     name: policy-rolebinding
     namespace: open-cluster-management
   spec:
     complianceType: musthave
     remediationAction: inform
     namespaces:
       exclude: ["kube-*"]
       include: ["default"]
     object-templates:
       - complianceType: musthave
         objectDefinition:
           kind: RoleBinding # role binding must exist
           apiVersion: rbac.authorization.k8s.io/v1
           metadata:
             name: operate-pods-rolebinding
           subjects:
           - kind: User
             name: admin # Name is case sensitive
             apiGroup: rbac.authorization.k8s.io
           roleRef:
             kind: Role #this must be Role or ClusterRole
             name: operator # this must match the name of the Role or ClusterRole you wish to bind to
             apiGroup: rbac.authorization.k8s.io
       ...

了解如何管理 rolebinding 策略,请参阅管理 rolebinding 策略以了解更多详细信息。如需了解其他配置策略,请参阅 Kubernetes 配置策略控制器。请参阅管理安全策略以管理其他策略。