Amazon EKS: Create Role Definition
The service account created in the previous chapter needs a Role that defines what it is permitted to do. The Role is defined in a YAML file and deployed in your Kubernetes cluster.
Amazon EKS: Create Manifest File for Role Definition
To define the roles required by the service account, you need to create a YAML file. The file role.yaml, with its contents, is shown below:
Note
The parameters required to create this YAML file, ready to be deployed, are explained in the Properties section.
```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  creationTimestamp: null
  name: ncache-operator
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  - configmaps
  - secrets
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - create
- apiGroups:
  - apps
  resourceNames:
  - ncache-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - alachisoft.ncache
  resources:
  - '*'
  - ncaches
  verbs:
  - '*'
```
Create Role Definition in Kubernetes Cluster
Executing the following kubectl command will ensure that the role.yaml file gets deployed within the Amazon EKS cluster.

```bash
kubectl create -f [dir]/role.yaml
```
Properties
The properties required to create a role in Amazon EKS are explained below:
Parameter | Description |
---|---|
kind | This can be many different types like a Deployment, a Service, DaemonSet or StatefulSet. In this case it will be a Role. |
apiVersion | Specifies the version of the kind and it depends on the underlying version of Kubernetes. |
name | Specifies the name of the Operator you will deploy that needs access to the service account. |
rules | Specifies the set of rules required for deployment of the role. |
apiGroups | Specifies the name and details of all or some API groups. |
The next step is to bind this Role to the service account, as explained in the next chapter.
See Also
Create Service Account
Create Role Binding
Create NCache Operator
Create Custom Resources