Cluster Roles

In this section, we will take a look at cluster roles.

Roles

  • Roles and RoleBindings are namespaced, meaning they are created within namespaces.

Namespaces

  • Can you group or isolate nodes within a namespace?

    • No, those are cluster-wide (cluster-scoped) resources. They cannot be associated with any particular namespace.

  • So resources are categorized as either namespaced or cluster-scoped.

  • To see namespaced resources

    $ kubectl api-resources --namespaced=true
    
  • To see non-namespaced resources

    $ kubectl api-resources --namespaced=false
    

Cluster Roles and Cluster Role Bindings

  • Cluster Roles are like Roles, except they are for cluster-scoped resources. The kind is ClusterRole.
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: cluster-administrator
    rules:
    - apiGroups: [""] # "" indicates the core API group
      resources: ["nodes"]
      verbs: ["get", "list", "delete", "create"]
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: cluster-admin-role-binding
    subjects:
    - kind: User
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
    roleRef:
      kind: ClusterRole
      name: cluster-administrator
      apiGroup: rbac.authorization.k8s.io
    
    $ kubectl create -f cluster-admin-role.yaml
    $ kubectl create -f cluster-admin-role-binding.yaml
    

  • You can create a cluster role for namespaced resources as well. When you do that, the user will have access to these resources across all namespaces.
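To audit how far each ClusterRole actually reaches, the following added example (not part of the original notes) resolves bindings to an effective scope per user. It goes one step beyond the text by also covering a RoleBinding that references a ClusterRole, which limits the grant to that binding's namespace; the `pod-reader` role, the `dev-user` and `qa-user` subjects, the `dev` namespace and the two `pod-reader-*` bindings are constructed for illustration.

```python
import json

# Illustrative subset; full list: kubectl api-resources --namespaced=false
CLUSTER_SCOPED = {"nodes", "namespaces", "persistentvolumes"}

# Constructed sample, shaped like the items returned by
# `kubectl get clusterroles,clusterrolebindings,rolebindings -A -o json`.
SAMPLE = json.loads('''
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "cluster-administrator"},
  "rules": [{"apiGroups": [""], "resources": ["nodes"],
             "verbs": ["get", "list", "delete", "create"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "pod-reader"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin-role-binding"},
  "subjects": [{"kind": "User", "name": "cluster-admin"}],
  "roleRef": {"kind": "ClusterRole", "name": "cluster-administrator"}},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "pod-reader-global"},
  "subjects": [{"kind": "User", "name": "dev-user"}],
  "roleRef": {"kind": "ClusterRole", "name": "pod-reader"}},
 {"kind": "RoleBinding", "metadata": {"name": "pod-reader-dev", "namespace": "dev"},
  "subjects": [{"kind": "User", "name": "qa-user"}],
  "roleRef": {"kind": "ClusterRole", "name": "pod-reader"}}
]}''')

def effective_grants(items):
    """Return sorted (user, resource, verbs, scope) for bindings to a ClusterRole."""
    roles = {i["metadata"]["name"]: i.get("rules") or []
             for i in items if i["kind"] == "ClusterRole"}
    grants = set()
    for b in items:
        if b.get("roleRef", {}).get("kind") != "ClusterRole":
            continue  # skips the ClusterRole objects themselves
        cluster_wide = b["kind"] == "ClusterRoleBinding"
        for rule in roles.get(b["roleRef"]["name"], []):
            for res in rule.get("resources", []):
                if res in CLUSTER_SCOPED:
                    if not cluster_wide:
                        continue  # a RoleBinding never grants cluster-scoped resources
                    scope = "cluster"
                elif cluster_wide:
                    scope = "all namespaces"
                else:
                    scope = "namespace " + b["metadata"]["namespace"]
                for s in b.get("subjects") or []:
                    grants.add((s["name"], res, ",".join(rule["verbs"]), scope))
    return sorted(grants)

print(*effective_grants(SAMPLE["items"]), sep="\n")
```

Wildcard (`*`) resources are not expanded here, so a rule that uses them is reported as namespaced and should be reviewed by hand.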

K8s Reference Docs