Hi,
I’m trying to figure out a way where a specific set of k8s cluster users can edit configMaps (with a common metadata name like *.-cars) in a namespace. This is to ensure proper RBAC support on configMap objects in a deployment.
- Is it possible to have such a setup today in K8S? I see the GitHub ticket (https://github.com/kubernetes/kubernetes/issues/56582) as closed. Is it relevant?
- How can we get such support in K8S mainly to limit access control for all cluster users? Any ideas or suggestions?
Here is an example of a role that I was after:
```
$ cat role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: car-role
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["*.-car-configmap"]
  verbs: ["update"]
```
I have the configMaps:
```
evadtej@ubuntu:~/log-test$ kubectl get configmap -n mynamespace
NAME                      DATA   AGE
service-1-car-configmap   1      83m
service-2-car-configmap   1      79m
```
I’m able to create the above objects on k8s cluster v1.25.3.
Thanks!
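
Added example, not part of the original post: Kubernetes RBAC compares `resourceNames` entries by exact string equality, so the API server accepts the Role above but its wildcard entry matches no ConfigMap. The Python sketch below models that comparison (simplified, core API group only) and builds a Role that lists the matching names explicitly; the function names, the regex `.+-car-configmap` and the `billing-config` entry are assumptions made for illustration.

```python
import json
import re

def rule_allows(rule, verb, resource, name):
    """Simplified model of RBAC rule matching (core API group only).
    "*" is honoured for verbs and resources, but resourceNames entries
    are compared by exact equality; an empty list means "any name"."""
    if verb not in rule["verbs"] and "*" not in rule["verbs"]:
        return False
    if resource not in rule["resources"] and "*" not in rule["resources"]:
        return False
    names = rule.get("resourceNames", [])
    return not names or name in names

def expand_role(role_name, namespace, pattern, existing, verbs):
    """Build a Role naming every existing ConfigMap that matches `pattern`
    (a regex applied client-side, since the API server will not expand it)."""
    matched = sorted(n for n in existing if re.fullmatch(pattern, n))
    if not matched:
        # An empty resourceNames list would grant the verbs on ALL ConfigMaps.
        raise ValueError("no ConfigMap matches; refusing to emit an open rule")
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "Role",
        "metadata": {"name": role_name, "namespace": namespace},
        "rules": [{"apiGroups": [""], "resources": ["configmaps"],
                   "resourceNames": matched, "verbs": verbs}],
    }

# Rule exactly as posted above.
POSTED_RULE = {"apiGroups": [""], "resources": ["configmaps"],
               "resourceNames": ["*.-car-configmap"], "verbs": ["update"]}

# Names from the kubectl output above, plus one constructed non-matching name.
CONFIGMAPS = ["service-1-car-configmap", "service-2-car-configmap",
              "billing-config"]

if __name__ == "__main__":
    for cm in CONFIGMAPS:
        print(cm, rule_allows(POSTED_RULE, "update", "configmaps", cm))
    role = expand_role("car-role", "mynamespace", r".+-car-configmap",
                       CONFIGMAPS, ["update"])
    print(json.dumps(role, indent=2))  # JSON output is accepted by kubectl apply -f
```

A Role generated this way covers only the ConfigMaps that exist when it is built, so it has to be regenerated whenever a matching ConfigMap is added or removed.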