A Kubernetes-native Role or ClusterRole used in Role-Based Access Control (RBAC) defines a set of permissions. A Role defines permissions scoped to a namespace. A ClusterRole defines permissions on cluster-scoped resources. This topic describes how to customize a Role and a ClusterRole.
Introduction to Roles and ClusterRoles
You can create a Role or ClusterRole by using a YAML file or the Alibaba Cloud Container Compute Service (ACS) console.
Create a Role
To define permissions scoped to a namespace, create a Role.
The following YAML template provides an example of how to create a Role in the default namespace. You can use this Role to grant full permissions on pods in the default namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: test-role
  namespace: default
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
Create a ClusterRole
To define cluster-wide permissions, create a ClusterRole.
The following YAML template provides an example of how to create a ClusterRole. You can use this ClusterRole to grant full permissions on pods in a namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-clusterrole
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
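Both manifests above list only the pods resource in the core API group. The following Python code is an added example, not part of the original documentation: it models how RBAC matches a request against those rules, restricted to apiGroups, resources and verbs (resourceNames and nonResourceURLs are ignored), and shows that a rule on pods does not cover subresources such as pods/exec or pods/log. The function names and the sample requests are constructed for illustration.

```python
# Added example: simplified model of RBAC rule matching (not ACS or Kubernetes code).
# RULES mirrors the rules of test-role / test-clusterrole from this page.
RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["create", "delete", "deletecollection", "get",
               "list", "patch", "update", "watch"]},
]


def resource_matches(pattern, resource):
    """'*' matches anything; '*/sub' matches that subresource on any resource."""
    if pattern == "*" or pattern == resource:
        return True
    if pattern.startswith("*/") and "/" in resource:
        return pattern.split("/", 1)[1] == resource.split("/", 1)[1]
    return False


def allows(rules, api_group, resource, verb):
    """True if any rule grants verb on resource. RBAC is additive: no deny rules."""
    for rule in rules:
        if not any(g in ("*", api_group) for g in rule.get("apiGroups", [])):
            continue
        if not any(resource_matches(r, resource) for r in rule.get("resources", [])):
            continue
        if any(v in ("*", verb) for v in rule.get("verbs", [])):
            return True
    return False


def audit(rules, requests):
    """Map each (api_group, resource, verb) request to True (allowed) or False."""
    return {req: allows(rules, *req) for req in requests}


# Constructed sample requests, not taken from a real cluster.
SAMPLE_REQUESTS = [
    ("", "pods", "delete"),          # covered by the rule
    ("", "pods/exec", "create"),     # subresource: not covered by "pods"
    ("", "pods/log", "get"),         # subresource: not covered by "pods"
    ("", "secrets", "get"),          # different resource
    ("apps", "deployments", "get"),  # different API group
]

if __name__ == "__main__":
    for req, ok in audit(RULES, SAMPLE_REQUESTS).items():
        print(req, "allowed" if ok else "denied")
```

On a live cluster, the same questions can be asked of the API server with kubectl auth can-i after the role is bound to a subject.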
For more information about Roles and ClusterRoles, see Roles and ClusterRoles.
Create a custom RBAC role
This section shows how to create a custom ClusterRole for a Resource Access Management (RAM) user or RAM role. The steps to create a ClusterRole are similar to the steps to create a Role.
Log on to the ACS console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
On the Role page, click the Cluster Role tab.
On the Cluster Role tab, click Create.
In the Create YAML pane, enter the content of the ClusterRole and click OK to create the ClusterRole.
This step uses the YAML template from the Create a ClusterRole section of How to create an RBAC role. After the ClusterRole is created, you can view the ClusterRole named test-clusterrole on the Cluster Role tab.
What to do next
For more information about how to assign RBAC roles to RAM users or RAM roles, see Grant RBAC permissions to RAM users or RAM roles.