kind: ClusterRoleBinding
Jump to navigation
Jump to search
apiVersion: rbac.authorization.k8s.io/v1 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. kind: ClusterRoleBinding metadata: name: read-secrets-global subjects: - kind: Group name: manager # Name is case sensitive apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: secret-reader apiGroup: rbac.authorization.k8s.io
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#clusterrolebinding-example
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cluster-read-only-role-binding subjects: - kind: User name: discovery-read-only-user apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: cluster-read-only-role apiGroup: rbac.authorization.k8s.io
roleRef RoleBinding
Related[edit]
See also[edit]
- ClusterRoleBinding,
kubectl describe clusterrolebindings
- K8s Cluster roles:
cluster-admin, admin, edit, view
,cluster-read-only-role
- Kubernetes RBAC
kubectl auth, kubectl auth can-i, kubectl auth reconcile
kubectl create [ role | clusterrole | clusterrolebinding
|rolebinding | serviceaccount ], groups:
, Kubernetes RBAC good practices,kube2iam
, K8s Cluster roles,rbac.authorization.k8s.io
,system:
Advertising: