Create the following file and save it as cluster-read-only-role.yaml:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
name: read-only
rules:
- apiGroups:
- ""
resources: ["*"]
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources: ["*"]
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources: ["*"]
verbs:
- get
- list
- watch
Run the following command to create a cluster-wide role named read-only that has read-only permissions across the cluster:
kubectl create -f cluster-read-only-role.yaml