Function
This API is used to create a RoleBinding.
Calling Method
For details, see how to call an API.
URI
POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

Parameter | Mandatory | Type | Description |
---|---|---|---|
namespace | Yes | String | Object name and auth scope, such as for teams and projects. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
dryRun | No | String | When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
fieldManager | No | String | fieldManager is a name associated with the actor or entity that is making these changes. The value must be 128 characters or fewer, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. |
pretty | No | String | If 'true', then the output is pretty printed. |
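Request Parameters

Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. Obtain it by calling the IAM API for obtaining a user token (the value of X-Subject-Token in the response header). |
Content-Type | Yes | String | Type (format) of the message body. The default value is "application/json". Default: application/json |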

Parameter | Mandatory | Type | Description |
---|---|---|---|
apiVersion | No | String | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
kind | No | String | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
metadata | No | | Standard object's metadata. |
roleRef | Yes | | RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. |
subjects | No | | Subjects holds references to the objects the role applies to. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
apiVersion | No | String | APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. |
fieldsType | No | String | FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" |
fieldsV1 | No | Object | FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. |
manager | No | String | Manager is an identifier of the workflow managing these fields. |
operation | No | String | Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. |
time | No | String | Time is the timestamp of when these fields were set. It should always be empty if Operation is 'Apply'. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
apiVersion | Yes | String | API version of the referent. |
blockOwnerDeletion | No | Boolean | If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
controller | No | Boolean | If true, this reference points to the managing controller. |
kind | Yes | String | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
name | Yes | String | Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
uid | Yes | String | UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |

Parameter | Mandatory | Type | Description |
---|---|---|---|
apiGroup | Yes | String | APIGroup is the group for the resource being referenced. |
kind | Yes | String | Kind is the type of resource being referenced. |
name | Yes | String | Name is the name of the resource being referenced. |

Parameter | Mandatory | Type | Description |
---|---|---|---|
apiGroup | No | String | APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. |
kind | Yes | String | Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognize the kind value, the Authorizer should report an error. |
name | Yes | String | Name of the object being referenced. |
namespace | No | String | Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty, the Authorizer should report an error. |
Response Parameters
Status code: 200

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
kind | String | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
metadata | | Standard object's metadata. |
roleRef | | RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. |
subjects | | Subjects holds references to the objects the role applies to. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. |
fieldsType | String | FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" |
fieldsV1 | Object | FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. |
manager | String | Manager is an identifier of the workflow managing these fields. |
operation | String | Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. |
time | String | Time is the timestamp of when these fields were set. It should always be empty if Operation is 'Apply'. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | API version of the referent. |
blockOwnerDeletion | Boolean | If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
controller | Boolean | If true, this reference points to the managing controller. |
kind | String | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
name | String | Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
uid | String | UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup is the group for the resource being referenced. |
kind | String | Kind is the type of resource being referenced. |
name | String | Name is the name of the resource being referenced. |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. |
kind | String | Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognize the kind value, the Authorizer should report an error. |
name | String | Name of the object being referenced. |
namespace | String | Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty, the Authorizer should report an error. |
Status code: 201

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
kind | String | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
metadata | | Standard object's metadata. |
roleRef | | RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. |
subjects | | Subjects holds references to the objects the role applies to. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. |
fieldsType | String | FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" |
fieldsV1 | Object | FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. |
manager | String | Manager is an identifier of the workflow managing these fields. |
operation | String | Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. |
time | String | Time is the timestamp of when these fields were set. It should always be empty if Operation is 'Apply'. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | API version of the referent. |
blockOwnerDeletion | Boolean | If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
controller | Boolean | If true, this reference points to the managing controller. |
kind | String | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
name | String | Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
uid | String | UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup is the group for the resource being referenced. |
kind | String | Kind is the type of resource being referenced. |
name | String | Name is the name of the resource being referenced. |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. |
kind | String | Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognize the kind value, the Authorizer should report an error. |
name | String | Name of the object being referenced. |
namespace | String | Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty, the Authorizer should report an error. |
Status code: 202

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
kind | String | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
metadata | | Standard object's metadata. |
roleRef | | RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. |
subjects | | Subjects holds references to the objects the role applies to. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted. |
fieldsType | String | FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1" |
fieldsV1 | Object | FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. |
manager | String | Manager is an identifier of the workflow managing these fields. |
operation | String | Operation is the type of operation which led to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'. |
time | String | Time is the timestamp of when these fields were set. It should always be empty if Operation is 'Apply'. |

Parameter | Type | Description |
---|---|---|
apiVersion | String | API version of the referent. |
blockOwnerDeletion | Boolean | If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. |
controller | Boolean | If true, this reference points to the managing controller. |
kind | String | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
name | String | Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names |
uid | String | UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup is the group for the resource being referenced. |
kind | String | Kind is the type of resource being referenced. |
name | String | Name is the name of the resource being referenced. |

Parameter | Type | Description |
---|---|---|
apiGroup | String | APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. |
kind | String | Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognize the kind value, the Authorizer should report an error. |
name | String | Name of the object being referenced. |
namespace | String | Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty, the Authorizer should report an error. |
Request Example
Create a RoleBinding that binds the user group in the "rbac-test" namespace to the ClusterRole named "view".

```json
{
  "apiVersion" : "rbac.authorization.k8s.io/v1",
  "kind" : "RoleBinding",
  "metadata" : {
    "name" : "clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50",
    "namespace" : "rbac-test"
  },
  "roleRef" : {
    "apiGroup" : "rbac.authorization.k8s.io",
    "kind" : "ClusterRole",
    "name" : "view"
  },
  "subjects" : [ {
    "apiGroup" : "rbac.authorization.k8s.io",
    "kind" : "User",
    "name" : "07b82a44a680d5661f01c00b448f8f50"
  } ]
}
```
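
As an added example (not part of the original API reference), the following pre-flight check applies the roleRef and subjects field rules from the parameter tables to a request body, then builds the POST with `dryRun=All` so a reviewer can validate a binding without persisting it. The helper names `check_rolebinding` and `build_dry_run_request`, the endpoint and the token are assumptions made for illustration.

```python
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

RBAC_GROUP = "rbac.authorization.k8s.io"
# Default apiGroup per subject kind, as stated in the subjects table.
SUBJECT_GROUP = {"User": RBAC_GROUP, "Group": RBAC_GROUP, "ServiceAccount": ""}

# Request body taken from the page's request example.
PAGE_EXAMPLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding",
    "metadata": {"name": "clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50",
                 "namespace": "rbac-test"},
    "roleRef": {"apiGroup": RBAC_GROUP, "kind": "ClusterRole", "name": "view"},
    "subjects": [{"apiGroup": RBAC_GROUP, "kind": "User",
                  "name": "07b82a44a680d5661f01c00b448f8f50"}],
}

def check_rolebinding(body):
    """Return the problems found against the field rules in the parameter tables."""
    problems = []
    ref = body.get("roleRef") or {}
    problems += [f"roleRef.{f} is required" for f in ("apiGroup", "kind", "name")
                 if not ref.get(f)]
    if ref.get("kind") and ref["kind"] not in ("Role", "ClusterRole"):
        problems.append(f"roleRef.kind {ref['kind']!r} is not Role or ClusterRole")
    for i, subj in enumerate(body.get("subjects") or []):
        kind = subj.get("kind")
        if kind not in SUBJECT_GROUP:
            problems.append(f"subjects[{i}].kind {kind!r} is not a defined kind")
            continue
        if not subj.get("name"):
            problems.append(f"subjects[{i}].name is required")
        if kind != "ServiceAccount" and subj.get("namespace"):
            problems.append(f"subjects[{i}].namespace must be empty for {kind}")
        # Flagging a non-default apiGroup is this example's own choice.
        if subj.get("apiGroup", SUBJECT_GROUP[kind]) != SUBJECT_GROUP[kind]:
            problems.append(f"subjects[{i}].apiGroup does not match kind {kind}")
    return problems

def build_dry_run_request(endpoint, namespace, token, body):
    """Build, without sending, the POST with dryRun=All so nothing is persisted."""
    problems = check_rolebinding(body)
    if problems:
        raise ValueError("; ".join(problems))
    url = (f"{endpoint}/apis/rbac.authorization.k8s.io/v1/namespaces/"
           f"{quote(namespace, safe='')}/rolebindings?{urlencode({'dryRun': 'All'})}")
    headers = {"X-Auth-Token": token, "Content-Type": "application/json"}
    return Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")

if __name__ == "__main__":
    # Endpoint and token are placeholders, not values from the page.
    req = build_dry_run_request("https://cluster.example.invalid", "rbac-test",
                                "<token>", PAGE_EXAMPLE)
    print(req.get_method(), req.full_url)
```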
Response Example
Status code: 200
OK

```json
{
  "apiVersion" : "rbac.authorization.k8s.io/v1",
  "kind" : "RoleBinding",
  "metadata" : {
    "creationTimestamp" : "2020-04-07T08:25:46Z",
    "name" : "clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50",
    "namespace" : "rbac-test",
    "resourceVersion" : "230511279",
    "selfLink" : "/apis/rbac.authorization.k8s.io/v1/namespaces/rbac-test/rolebindings/clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50",
    "uid" : "6163c216-78a9-11ea-bcc5-340a9837e2a7"
  },
  "roleRef" : {
    "apiGroup" : "rbac.authorization.k8s.io",
    "kind" : "ClusterRole",
    "name" : "view"
  },
  "subjects" : [ {
    "apiGroup" : "rbac.authorization.k8s.io",
    "kind" : "User",
    "name" : "07b82a44a680d5661f01c00b448f8f50"
  } ]
}
```
Status Codes

Status Code | Description |
---|---|
200 | OK |
201 | Created |
202 | Accepted |
400 | BadRequest |
401 | Unauthorized |
403 | Forbidden |
404 | NotFound |
405 | MethodNotAllowed |
406 | NotAcceptable |
409 | AlreadyExists |
415 | UnsupportedMediaType |
422 | Invalid |
429 | TooManyRequests |
500 | InternalError |
503 | ServiceUnavailable |
504 | ServerTimeout |