Difference between revisions of "Kind: ClusterRoleBinding"
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
− | |||
− | |||
apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. | # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. | ||
Line 8: | Line 6: | ||
name: read-secrets-global | name: read-secrets-global | ||
subjects: | subjects: | ||
− | - kind: Group | + | - [[kind: Group]] |
name: manager # Name is case sensitive | name: manager # Name is case sensitive | ||
apiGroup: rbac.authorization.k8s.io | apiGroup: rbac.authorization.k8s.io | ||
[[roleRef:]] | [[roleRef:]] | ||
− | kind: ClusterRole | + | [[kind: ClusterRole]] |
name: secret-reader | name: secret-reader | ||
− | apiGroup: rbac.authorization.k8s.io | + | apiGroup: [[rbac.authorization.k8s.io]] |
+ | |||
+ | https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrolebinding-example | ||
+ | |||
+ | |||
+ | {{discovery-read-only-user}} | ||
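Review bot: the `[[...]]` wikilinks added on the `kind: Group`, `kind: ClusterRole` and `apiGroup:` lines sit inside the manifest body, so the page source is no longer the YAML it documents; `[[kind: Group]]` parses as a nested list rather than a `kind` key. Anyone copying from the wikitext, or from a view that does not render links, gets a binding that will not apply as written. Consider keeping the manifest literal and moving these links to the Related list. Separately, `{{discovery-read-only-user}}` is transcluded right under the reference URL with no caption, so the second binding follows the first with nothing saying what it grants; a one-line caption would help.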
Line 22: | Line 25: | ||
== Related == | == Related == | ||
* [[K8s Cluster roles]] | * [[K8s Cluster roles]] | ||
+ | * <code>[[cluster-read-only-role]]</code> | ||
+ | * <code>[[kubectl describe clusterrolebindings]]</code> | ||
+ | * [[Terraform resource: kubernetes cluster role binding]] | ||
== See also == | == See also == | ||
+ | * {{ClusterRoleBinding}} | ||
+ | * {{K8s roles}} | ||
* {{Kubernetes RBAC}} | * {{Kubernetes RBAC}} | ||
[[Category:Kubernetes]] | [[Category:Kubernetes]] |
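Review bot: the new Related bullets duplicate what the new See also templates already render. `[[cluster-read-only-role]]` and `[[kubectl describe clusterrolebindings]]` are added under Related, and the rendered revision shows `{{ClusterRoleBinding}}` and `{{K8s roles}}` expanding to the same links, with K8s Cluster roles also repeated by `{{Kubernetes RBAC}}`. Keep each entry in one place, either the explicit bullets or the templates.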
Latest revision as of 10:08, 2 November 2023
apiVersion: rbac.authorization.k8s.io/v1
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: ClusterRoleBinding
metadata:
  name: read-secrets-global
subjects:
- kind: Group
  name: manager # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrolebinding-example
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-read-only-role-binding
subjects:
- kind: User
  name: discovery-read-only-user
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-read-only-role
  apiGroup: rbac.authorization.k8s.io
roleRef RoleBinding
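An audit check for the two bindings above, added here as an example and not part of the original page: it resolves each ClusterRoleBinding's roleRef and lists the subjects that end up with read access to Secrets in every namespace. The rule contents of both ClusterRoles, the `pod-reader` role and the user `alice` are constructed assumptions, since this page shows only the bindings.

```python
# Added example, standard library only. Objects follow the shape of items from
# `kubectl get clusterroles,clusterrolebindings -o json`.
READ_VERBS = {"get", "list", "watch", "*"}

def grants_secret_read(role):
    """True if any rule of the ClusterRole allows reading core-group Secrets.
    Conservative: a rule narrowed by resourceNames is still flagged."""
    for rule in role.get("rules") or []:
        groups = rule.get("apiGroups") or []      # absent on nonResourceURLs rules
        resources = rule.get("resources") or []
        if (("" in groups or "*" in groups)
                and ("secrets" in resources or "*" in resources)
                and READ_VERBS & set(rule.get("verbs") or [])):
            return True
    return False

def secret_readers(items):
    """Sorted (binding, subject kind, subject name) tuples with cluster-wide Secret read."""
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    found = []
    for b in items:
        if b["kind"] != "ClusterRoleBinding":
            continue
        role = roles.get(b["roleRef"]["name"])
        if role is None or not grants_secret_read(role):
            continue  # a binding to a missing role grants nothing
        found += [(b["metadata"]["name"], s["kind"], s["name"])
                  for s in b.get("subjects") or []]
    return sorted(found)

def _role(name, resources):  # constructed sample ClusterRole, read verbs only
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": [{"apiGroups": [""], "resources": resources,
                       "verbs": ["get", "watch", "list"]}]}

def _binding(name, kind, subject, role):  # mirrors the manifests on this page
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "subjects": [{"kind": kind, "name": subject}],
            "roleRef": {"kind": "ClusterRole", "name": role}}

SAMPLE = [  # constructed: rule contents are assumptions, not taken from this page
    _role("secret-reader", ["secrets"]),
    _role("cluster-read-only-role", ["*"]),       # assumed wildcard "read-only" role
    _role("pod-reader", ["pods"]),                # hypothetical control case
    _binding("read-secrets-global", "Group", "manager", "secret-reader"),
    _binding("cluster-read-only-role-binding", "User", "discovery-read-only-user",
             "cluster-read-only-role"),
    _binding("pod-reader-binding", "User", "alice", "pod-reader"),  # hypothetical
]

if __name__ == "__main__":
    for finding in secret_readers(SAMPLE):
        print(*finding)
```

Under the assumed wildcard rule, the "read-only" binding is reported alongside `read-secrets-global`, because `resources: ["*"]` with read verbs includes Secrets.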
Related
- K8s Cluster roles
- cluster-read-only-role
- kubectl describe clusterrolebindings
- Terraform resource: kubernetes cluster role binding
See also
- ClusterRoleBinding, kubectl describe clusterrolebindings
- K8s Cluster roles: cluster-admin, admin, edit, view, cluster-read-only-role
- Kubernetes RBAC, kubectl auth, kubectl auth can-i, kubectl auth reconcile, kubectl create [ role | clusterrole | clusterrolebinding | rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices, kube2iam, K8s Cluster roles, rbac.authorization.k8s.io, system: