--- tags: k3s --- # Role & Rolebinding ## role.yaml ```yaml= kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: ${UR} name: ${UR}-reader rules: - apiGroups: [""] # "" indicates the core API group resources: ["pods", "services", "nodes"] verbs: ["get", "watch", "list"] ' ``` ## rolebind.yaml ```yaml= kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ${UR}-read-access namespace: ${UR} subjects: - kind: User name: ${UR} apiGroup: rbac.authorization.k8s.io roleRef: kind: Role #this must be Role or ClusterRole name: ${UR}-reader apiGroup: rbac.authorization.k8s.io ```