背景
有需求要让开发用户只允许更新镜像,其他都是只读权限,需要创建一个自定义角色。
步骤
全局–添加角色
- daemonsets,deployments,deployments/rollback,deployments/scale,replicasets,replicasets/scale,statefulsets (Custom)
- pods,replicationcontrollers,replicationcontrollers/scale (Custom)
- limitranges,pods/log,pods/status,pods/exec,replicationcontrollers/status,resourcequotas,resourcequotas/status,bindings (Custom)
保存。
添加项目成员,绑定自定义角色即可。
