Skip to content

Cluster Role

Definition

workload:
  kind: Deployment
  replicas: 3
  clusterRole: application

clusterRoles:
  application:
    rules:
      - apiGroups:
          - ''
        resources:
          - namespaces
          - pods
          - nodes
        verbs:
          - get
          - list    

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations: {}
  labels:
    app.kubernetes.io/component: cicd-sample
    app.kubernetes.io/instance: docs
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: cicd-sample
    app.kubernetes.io/part-of: cicd
    app.kubernetes.io/version: 1.0.0
    exordis/application: cicd-sample
    exordis/application-instance: docs
    exordis/application-type: service
    exordis/environment: test
    exordis/product: Some Product
    exordis/subsystem: cicd
    helm.sh/chart: cicd-subsystem-application-0.1.0
  name: cicd-test-sample-docs-application
rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
      - pods
      - nodes
    verbs:
      - get
      - list
enabled

if set to false cluster role is excluded from rendering

default: true

labels

list of labels to add to secret in addition to common labels

default: empty dict

annotations

list of annotations to add to secret in addition to common labels

default: empty dict

rules

Cluster role rules

Validations

  • Cluster Role id is unique

Overrides

metadata.name

name is generated from id by convention

Manifests Generation

  • common labels are added to metadata
  • ClusterRole manifest is generated for each cluster role.