Skip to content

Extending Admin ClusterRole

Bill as the cluster admin want to add additional rules for admin ClusterRole.

Bill can extend the admin role for MTO using the aggregation label for admin ClusterRole. Bill will create a new ClusterRole with all the permissions he needs to extend for MTO and add the aggregation label on the newly created ClusterRole.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: extend-admin-role
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: 'true'
rules:
  - verbs:
      - create
      - update
      - patch
      - delete
    apiGroups:
      - user.openshift.io
    resources:
      - groups

Note: You can learn more about aggregated-cluster-roles here

What’s next

See how Bill can hibernate unused namespaces at night

Copyright © 2023 Stakater AB – Change cookie settings