...
In addition, it creates a NamespaceTemplate, which defines the templates for the RoleBinding, ClusterRole, and NetworkPolicy applied to the namespaces tenant-a-ns1 and tenant-a-ns2.
```
$ kubectl get namespacetemplate
NAME         AGE
restricted   7d
$ kubectl get namespacetemplate restricted -o yaml
apiVersion: tenants.k8s.io/v1alpha1
kind: NamespaceTemplate
metadata:
  creationTimestamp: "2019-05-01T17:37:11Z"
  generation: 1
  name: restricted
  resourceVersion: "3628408"
  selfLink: /apis/tenants.k8s.io/v1alpha1/namespacetemplates/restricted
  uid: bffbe9c8-6c37-11e9-91c3-a4bf014c3518
spec:
  templates:
  - apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: multitenancy:podsecuritypolicy
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: multitenancy:use-psp:restricted
    subjects:
    - apiGroup: rbac.authorization.k8s.io
      kind: Group
      name: system:serviceaccounts
  - apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: multitenancy-default
    spec:
      podSelector: {}
      policyTypes:
      - Ingress
      - Egress
```
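The `multitenancy-default` policy selects every pod (`podSelector: {}`) and lists both policy types with no rules, so it denies all ingress and egress by default. The following is an added example, not code from the original page: it audits tenant namespaces for that baseline. The function names, the dict layout (shaped like `kubectl get networkpolicy -o json` items), and the drifted policy in `tenant-a-ns2` are assumptions constructed for illustration.

```python
# Added example: audit tenant namespaces for a namespace-wide default-deny NetworkPolicy.
# Policies are plain dicts shaped like `kubectl get networkpolicy -o json` items.

def effective_policy_types(spec):
    # Kubernetes defaulting when policyTypes is omitted: Ingress always,
    # Egress only if the policy carries egress rules.
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}

def denied_directions(policy):
    """Directions this policy default-denies for every pod in its namespace."""
    spec = policy.get("spec", {})
    selector = spec.get("podSelector") or {}
    # A non-empty selector only isolates some pods, so it is not a namespace default.
    if selector.get("matchLabels") or selector.get("matchExpressions"):
        return set()
    # A listed direction with no rules allows nothing in that direction.
    return {d for d in effective_policy_types(spec) if not spec.get(d.lower())}

def missing_default_deny(policies_by_namespace):
    """Map namespace -> sorted directions with no default-deny policy."""
    gaps = {}
    for namespace, policies in policies_by_namespace.items():
        covered = set()
        for policy in policies:
            covered |= denied_directions(policy)
        missing = {"Ingress", "Egress"} - covered
        if missing:
            gaps[namespace] = sorted(missing)
    return gaps

# The policy from the NamespaceTemplate above.
TEMPLATE_POLICY = {"metadata": {"name": "multitenancy-default"},
                   "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
# Constructed drift case: policyTypes dropped, so only ingress is isolated.
DRIFTED_POLICY = {"metadata": {"name": "multitenancy-default"},
                  "spec": {"podSelector": {}}}
# Constructed inventory; the namespace names come from the page.
SAMPLE = {"tenant-a-ns1": [TEMPLATE_POLICY], "tenant-a-ns2": [DRIFTED_POLICY]}

if __name__ == "__main__":
    for namespace, missing in missing_default_deny(SAMPLE).items():
        print(f"{namespace}: no default-deny for {', '.join(missing)}")
```

NetworkPolicies are additive, so this only confirms the deny baseline exists; any other policy in the namespace can still open specific traffic on top of it.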