Difference between revisions of "System:"

Latest revision as of 11:20, 20 December 2023

system:
system:controller:
system:serviceaccount:

Referring to subjects^[1]

The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.

kubectl get clusterroles | grep system
system:bootstrappers
system:node
system:nodes
system:node-proxier

system:masters
system:anonymous
system:unauthenticated

system:serviceaccount
system:serviceaccounts
system:kube-scheduler
system:kube-dns
system:volume-scheduler
system:kube-controller-manager
system:basic-user
system:dyscover

eks:

kube-system                           system::leader-locking-kube-controller-manager   2022-07-06T13:16:03Z
kube-system                           system::leader-locking-kube-scheduler            2022-07-06T13:16:03Z

system:controller:[edit]

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles

system:controller:attachdetach-controller
system:controller:certificate-controller
system:controller:clusterrole-aggregation-controller
system:controller:cronjob-controller
system:controller:daemon-set-controller
system:controller:deployment-controller
system:controller:disruption-controller
system:controller:endpoint-controller
system:controller:expand-controller
system:controller:generic-garbage-collector
system:controller:horizontal-pod-autoscaler
system:controller:job-controller
system:controller:namespace-controller
system:controller:node-controller
system:controller:persistent-volume-binder
system:controller:pod-garbage-collector
system:controller:pv-protection-controller
system:controller:pvc-protection-controller
system:controller:replicaset-controller
system:controller:replication-controller
system:controller:resourcequota-controller
system:controller:root-ca-cert-publisher
system:controller:route-controller
system:controller:service-account-controller
system:controller:service-controller
system:controller:statefulset-controller
system:controller:ttl-controller

ClusterRole[edit]

Activities[edit]

Enabling IAM principal access to your cluster

@@ Line 1: / Line 1: @@
 {{lc}}
-  [[system:controller:]] https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles
+ [[system:]]
+  [[system:controller:]]
+ [[system:serviceaccount:]]
+* Referring to [[subjects]]<ref>https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-subjects</ref>
+The prefix system: is reserved for Kubernetes system use, so you should ensure that you don't have users or groups with names that start with system: by accident. Other than this special prefix, the RBAC authorization system does not require any format for usernames.
+ [[kubectl get clusterroles]] | grep system
   [[system:bootstrappers]]
   [[system:node]]
   [[system:nodes]]
   [[system:node-proxier]]
   [[system:masters]]
-  [[system:serviceaccount:]]
+ [[system:anonymous]]
-  [[system:serviceaccounts:]]
+ [[system:unauthenticated]]
+  [[system:serviceaccount]]
+  [[system:serviceaccounts]]
   [[system:kube-scheduler]]
   [[system:kube-dns]]
   [[system:volume-scheduler]]
   [[system:kube-controller-manager]]
   [[system:basic-user]]
   [[system:dyscover]]
-  kube-system                           system::leader-locking-kube-controller-manager   2022-07-06T13:16:03Z
+  [[eks:]]
+ [[kube-system]]                           system::leader-locking-kube-controller-manager   2022-07-06T13:16:03Z
   kube-system                           system::leader-locking-kube-scheduler            2022-07-06T13:16:03Z
-[[ClusterRole]]
- [[cluster-admin]]
+== [[system:controller:]] ==
- [[admin]]
+ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles
- [[edit]]
+<pre>
- [[view]]
+system:controller:attachdetach-controller
+system:controller:certificate-controller
+system:controller:clusterrole-aggregation-controller
+system:controller:cronjob-controller
+system:controller:daemon-set-controller
+system:controller:deployment-controller
+system:controller:disruption-controller
+system:controller:endpoint-controller
+system:controller:expand-controller
+system:controller:generic-garbage-collector
+system:controller:horizontal-pod-autoscaler
+system:controller:job-controller
+system:controller:namespace-controller
+system:controller:node-controller
+system:controller:persistent-volume-binder
+system:controller:pod-garbage-collector
+system:controller:pv-protection-controller
+system:controller:pvc-protection-controller
+system:controller:replicaset-controller
+system:controller:replication-controller
+system:controller:resourcequota-controller
+system:controller:root-ca-cert-publisher
+system:controller:route-controller
+system:controller:service-account-controller
+system:controller:service-controller
+system:controller:statefulset-controller
+system:controller:ttl-controller
+</pre>
+== [[ClusterRole]] ==
+* <code>[[cluster-admin]]</code>
+* <code>[[admin]]</code>
+* <code>[[edit]]</code>
+* <code>[[Kubernetes view role|view]]</code>
+== Activities ==
+* [[Enabling IAM principal access to your cluster]]
 == Related ==
 * <code>[[eksctl create iamidentitymapping]]</code>
 * <code>[[kind: ClusterRole]]</code>
-* [[Terraform EKS: aws auth roles]]
+* [[Terraform EKS module]]: <code>[[manage_aws_auth_configmap]], [[Terraform EKS: aws_auth_roles|aws_auth_roles]], [[aws_auth_users ]]</code>
 * <code>[[aws-auth]]</code> [[ConfigMap]]
+* <code>[[groups:]]</code>
+* <code>[[kubectl get clusterroles]]</code>
+* <code>[[rbac.authorization.k8s.io]]</code>
 == See also ==
+* {{system:}}
+* {{rbac.authorization.k8s.io}}
+* {{Kubernetes RBAC}}
 * {{kube-apiserver}}
-* {{Kubernetes RBAC}}
 [[Category:K8s]]

Difference between revisions of "System:"

Latest revision as of 11:20, 20 December 2023

Contents

system:controller:[edit]

ClusterRole[edit]

Activities[edit]

Related[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools