Update content/en/docs/reference/access-authn-authz/rbac.md

Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
pull/29468/head
Abirdcfly 2021-08-23 21:45:10 +08:00 committed by GitHub
parent 162da6561b
commit 19807f866c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions


@ -281,7 +281,8 @@ rules:
{{< note >}}
You cannot restrict `create` or `deletecollection` requests by their resource name.
For `create`, this limitation is because the name of the new object may not be known at authorization time.
If you restrict `list` or `watch` by resourceName, then the only way that a client including kubectl can perform that `list` or `watch` is by specifying a field selector that matches on metadata.name.
If you restrict `list` or `watch` by resourceName, clients must include a `metadata.name` field selector in their `list` or `watch` request that matches the specified resourceName in order to be authorized.
For example, `kubectl get configmaps --field-selector=metadata.name=my-configmap`
{{< /note >}}
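Review bot: In the added sentence on restricting `list` or `watch`, "resourceName" appears twice as plain text and in the singular, while the RBAC rule field is `resourceNames`; either put it in backticks with the field's spelling or write "resource name" as the first sentence of the note does, so the wording is consistent within the note. The new example line also ends without a period, and it does not say that `my-configmap` stands for a name listed in the rule, so a short clause tying the selector value to the rule's configured name would make the example self-explanatory.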