当应用程序需要调用事件API来获取其集群的所有事件时,作为程序员我可能会定义这样的角色:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["events"]
verbs: ["list"]
让我感到困惑的是apiGroups,我可以使用“events.k8s.io”,或者简单地使用“”,或者“events.k8s.io”和“”两者......
这个 apiGroups 是什么东西?我尝试阅读官方文档,但我发现的是:
API groups make it easier to extend the Kubernetes API. The API group is specified in a REST path and in the apiVersion field of a serialized object.
There are several API groups in Kubernetes:
The core (also called legacy) group is found at REST path /api/v1. The core …kubernetes ×1