azlkiniue · April 9, 2024 02:10
diff --git a/create-read-only-kubeconfig.yaml b/create-read-only-kubeconfig.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: read-only-user
 secrets:
  - name: read-only-secret
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: read-only-role
 rules:
 - apiGroups: [""]
  resources: ["*"]
  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: read-only-role-binding
 subjects:
 - kind: ServiceAccount
  name: read-only-user
  namespace: default  # Replace with the namespace where you want to grant read-only access.
 roleRef:
  kind: ClusterRole
  name: read-only-role
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: read-only-secret
  annotations:
    kubernetes.io/service-account.name: read-only-user
 type: kubernetes.io/service-account-token
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: read-only-user
	secrets:
	- name: read-only-secret
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: read-only-role
	rules:
	- apiGroups: [""]
	resources: ["*"]
	verbs: ["get", "list", "watch"]
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: read-only-role-binding
	subjects:
	- kind: ServiceAccount
	name: read-only-user
	namespace: default # Replace with the namespace where you want to grant read-only access.
	roleRef:
	kind: ClusterRole
	name: read-only-role
	apiGroup: rbac.authorization.k8s.io
	---
	apiVersion: v1
	kind: Secret
	metadata:
	name: read-only-secret
	annotations:
	kubernetes.io/service-account.name: read-only-user
	type: kubernetes.io/service-account-token