I would like to create a new/custom ClusterRole that has everything the default edit role has + a few more privileges (e.g. can create namespace).
Instead of creating this role like:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: my-custom-edit
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- delete
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
...
as a raw copy of the existing default edit role and add all of the edit privileges + the additional privileges that I need is there someway to specify that my new custom clusterrole should inherit all the privileges from edit?
I have looked at:
But:
If you create a new ClusterRole that matches the label selector of an existing aggregated ClusterRole, that change triggers adding the new rules into the aggregated ClusterRole
I don’t want to modify the existing default roles (or combine existing ones into a new one). I want to create a new ClusterRole that just inherits from existing default clusterroles without modifying the default role.
Any suggestions?