"Rules to PolicyRules"의 두 판 사이의 차이

(새 문서: ==개요== ;Role to PolicyRole ==목표== <syntaxhighlight lang='yaml'> apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: hello rules: - apiGroups: [""]...)
잔글 (Jmnote님이 Role to PolicyRole 문서를 넘겨주기를 만들지 않고 Rules to PolicyRules 문서로 이동했습니다)
(차이 없음)

2024년 2월 2일 (금) 11:16 판

1 개요

Role to PolicyRole

2 목표

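# Target ClusterRole whose rules are flattened into PolicyRule rows below.
# Review notes on what this role grants once it is bound:
#   - A ClusterRole bound through a ClusterRoleBinding applies in every namespace.
#   - Read access to pods/log exposes whatever workloads write to their logs,
#     which frequently includes tokens or other sensitive data.
#   - nonResourceURLs rules only take effect through a ClusterRoleBinding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
# resourceNames narrows this rule to the single lease object named kube-scheduler.
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]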
$ kubectl describe clusterrole hello
Name:         hello
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                   Non-Resource URLs  Resource Names    Verbs
  ---------                   -----------------  --------------    -----
  pods/log                    []                 []                [get list watch]
  pods                        []                 []                [get list watch]
  leases.coordination.k8s.io  []                 [kube-scheduler]  [get update]
                              [/metrics]         []                [get]

3 Go 코드

package main

import (
	"fmt"

	// NOTE(review): the import lines were lost from this listing. The code calls
	// yaml.Unmarshal and uses `yaml:"..."` struct tags, which matches
	// gopkg.in/yaml.v3 (v2 exposes the same call) — confirm against the original.
	"gopkg.in/yaml.v3"
)

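// data is the sample ClusterRole manifest that main parses.
//
// The "metadata:" and "rules:" keys are required: without them the document is
// not a valid mapping and nothing would be decoded into Role.Metadata or
// Role.Rules.
var data string = `apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hello
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
  resourceNames: ["kube-scheduler"]
  resources: ["leases"]
  verbs: ["get", "update"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]`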

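// Role is the subset of a Role/ClusterRole manifest that this program reads.
// Manifest keys with no matching field here are not decoded.
type Role struct {
	ApiVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	Rules      []Rule   `yaml:"rules"`
}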

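// Metadata holds the object name from the manifest's metadata section.
type Metadata struct {
	Name string `yaml:"name"`
}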

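// Rule is one entry of the manifest's rules list.
//
// Each tag must match the manifest key exactly. A tag with stray whitespace
// (for example "nonResourceURLs " with a trailing space) never matches, and the
// field is then left empty without any error — which would make a rule look
// narrower than what the manifest actually grants.
type Rule struct {
	APIGroups       []string `yaml:"apiGroups"`
	NonResourceURLs []string `yaml:"nonResourceURLs"`
	Resources       []string `yaml:"resources"`
	ResourceNames   []string `yaml:"resourceNames"`
	Verbs           []string `yaml:"verbs"`
}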

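// PolicyRule is one flattened output row: a single resource (suffixed with
// ".<apiGroup>" when the group is non-empty) together with the URLs, resource
// names and verbs of the rule it came from.
type PolicyRule struct {
	Resources       string
	NonResourceURLs []string
	ResourceNames   []string
	Verbs           []string
}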

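// main decodes the embedded manifest and prints one PolicyRule per
// (apiGroup, resource) pair, plus one row for each rule that has no apiGroups.
func main() {
	var role Role
	// The manifest is a constant embedded in this program, so a decode failure
	// is a programming error. Stop here rather than print an empty rule list,
	// which would read as "this role grants nothing".
	// Unmarshal skips keys that match no struct tag, so a typo in a tag or key
	// drops that part of a rule without an error.
	if err := yaml.Unmarshal([]byte(data), &role); err != nil {
		panic(fmt.Errorf("parsing role manifest: %w", err))
	}

	policyRules := make([]PolicyRule, 0, len(role.Rules))
	for _, r := range role.Rules {
		if len(r.APIGroups) == 0 {
			// A rule without apiGroups (e.g. a nonResourceURLs rule) has no
			// resource to name, so it yields a single row with an empty one.
			policyRules = append(policyRules, PolicyRule{
				Resources:       "",
				NonResourceURLs: r.NonResourceURLs,
				ResourceNames:   r.ResourceNames,
				Verbs:           r.Verbs,
			})
		}
		for _, apiGroup := range r.APIGroups {
			// The core group "" adds no suffix; any other group is appended
			// as ".<group>".
			postfix := ""
			if len(apiGroup) > 0 {
				postfix += "." + apiGroup
			}
			for _, resource := range r.Resources {
				policyRules = append(policyRules, PolicyRule{
					Resources:       resource + postfix,
					NonResourceURLs: r.NonResourceURLs,
					ResourceNames:   r.ResourceNames,
					Verbs:           r.Verbs,
				})
			}
		}
	}

	for _, pr := range policyRules {
		fmt.Printf("%v\n", pr)
	}
}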