Policy Rules

A PolicyRule is a building block for defining access control in Kubernetes. It defines a set of permissions that are granted to a subject.

Structure

A PolicyRule is defined as a set of permissions. Each PolicyRule consists of the following attributes:

  • verbs: A list of verbs that the rule applies to, for example get, list, watch, create, update, delete, and patch.
  • apiGroups: A list of API groups that the rule applies to, for example the API group apps for the Deployment resource.
  • resources: A list of resources that the rule applies to, for example pods or deployments.
  • nonResourceURLs: A list of non-resource URLs that the rule applies to, for example /healthz or /version.
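To make the attributes concrete, the added example below (not code from the Kubernetes client) checks a request against a list of rules and reports rules that grant the "*" wildcard. It assumes rules are plain dicts keyed by the field names listed above; the helper names and sample rules are hypothetical, and subresources are not modeled.

```python
# Added example: evaluates PolicyRule dicts using the attributes listed above.
# Function names and SAMPLE_RULES are hypothetical, constructed for illustration.

def _matches(allowed, value):
    """True if value is listed explicitly or covered by the "*" wildcard."""
    return "*" in allowed or value in allowed

def _url_matches(patterns, path):
    """nonResourceURLs match exactly, or by prefix when the pattern ends in "*"."""
    for p in patterns:
        if p == path or (p.endswith("*") and path.startswith(p[:-1])):
            return True
    return False

def rule_allows(rule, verb, api_group=None, resource=None, path=None):
    """Check one request against one PolicyRule."""
    if not _matches(rule.get("verbs", []), verb):
        return False
    if path is not None:  # non-resource request such as GET /healthz
        return _url_matches(rule.get("nonResourceURLs", []), path)
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource))

def allows(rules, **request):
    """RBAC is additive: the request is allowed if any single rule allows it."""
    return any(rule_allows(r, **request) for r in rules)

def wildcard_findings(rules):
    """Return (rule index, field) pairs where a rule grants "*"."""
    fields = ("verbs", "apiGroups", "resources", "nonResourceURLs")
    return [(i, f) for i, r in enumerate(rules) for f in fields if "*" in r.get(f, [])]

# Constructed sample rules, not taken from any real cluster.
SAMPLE_RULES = [
    {"verbs": ["get", "list", "watch"], "apiGroups": ["apps"], "resources": ["deployments"]},
    {"verbs": ["get"], "nonResourceURLs": ["/healthz", "/healthz/*"]},
    {"verbs": ["*"], "apiGroups": [""], "resources": ["secrets"]},  # "" is the core API group
]

if __name__ == "__main__":
    print(allows(SAMPLE_RULES, verb="get", api_group="apps", resource="deployments"))
    print(allows(SAMPLE_RULES, verb="delete", api_group="apps", resource="deployments"))
    print(wildcard_findings(SAMPLE_RULES))
```

Running wildcard_findings over the rules of every Role in a review is a quick way to surface grants that are broader than the workload needs.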

Example

from kubernetes.client import V1PolicyRule

# The Python client takes snake_case keyword arguments (api_groups, not apiGroups).
policy_rule = V1PolicyRule(
    verbs=["get", "list", "watch"],
    api_groups=["apps"],
    resources=["deployments"],
)

Usage

A PolicyRule defines the permissions carried by a Role, which a RoleBinding then grants to subjects.

A Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. [Filename: kubernetes/docs/V1Role.md]

A RoleBinding is a binding of a set of subjects to a Role or ClusterRole. [Filename: kubernetes/docs/V1RoleBinding.md]

Code Examples

from kubernetes.client import V1PolicyRule

# The Python client takes snake_case keyword arguments (api_groups, not apiGroups).
policy_rule = V1PolicyRule(
    verbs=["get", "list", "watch"],
    api_groups=["apps"],
    resources=["deployments"],
)

# For print and pprint, see kubernetes/client/models/v1_policy_rule.py
print(policy_rule)

Resources

Top-Level Directory Explanations

doc/ - This directory contains documentation files for the project.

doc/source/ - This directory contains the source files for the documentation.

examples/ - This directory contains example usage of the Kubernetes client library.

examples/dynamic-client/ - This directory contains examples of using the dynamic client to interact with Kubernetes.

examples/yaml_dir/ - This directory contains YAML files used in the examples.

kubernetes/ - This directory contains the main Kubernetes client library.

kubernetes/base/ - This directory contains the base Kubernetes client library.

kubernetes/base/config/ - This directory contains configuration files for the base library.

kubernetes/base/dynamic/ - This directory contains the dynamic client implementation for the base library.

kubernetes/base/hack/ - This directory contains hack files for the base library.

kubernetes/base/leaderelection/ - This directory contains the leader election implementation for the base library.

kubernetes/client/ - This directory contains the top-level client for the Kubernetes client library.

kubernetes/client/api/ - This directory contains the API definitions for the client library.

kubernetes/client/models/ - This directory contains the data models used by the client library.

kubernetes/e2e_test/ - This directory contains end-to-end tests for the Kubernetes client library.

kubernetes/e2e_test/test_yaml/ - This directory contains YAML files used in the end-to-end tests.

scripts/ - This directory contains scripts used in the development and build process.