标记 RBAC

更多信息请查看官方文档

用域控制器的Reconcile方法上方,用于获取Client-go需要的权限

// +kubebuilder:rbac:group=,resources=,verbs={}

可选参数:

  1. group:权限的组(group.domain)
  2. resources资源类型
  3. verbs需要的权限类型
  4. resourceNames:API名称
  5. namespace权限需要的范围

示例:

// +kubebuilder:rbac:groups="",resources=pods,verbs=create;get;list;watch;update;patch;delete
// +kubebuilder:rbac:groups="",resources=namespaces,verbs="*"
// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;patch
// +kubebuilder:rbac:groups=core,resources=services,verbs="*"
// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs="*"
// +kubebuilder:rbac:groups=xxx,resources=xs,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=xxx,resources=xs/status,verbs=get;update;patch
// +kubebuilder:rbac:groups=xx,resources=xs/finalizers,verbs=update