Kubernetes: Role, ClusterRole

Role and ClusterRole in Kubernetes are used to limit access to the Kubernetes API.

A Role is limited to a particular namespace, whereas a ClusterRole is global.

To create a Role:

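# Repeat --verb or pass a comma-separated list; these two commands are equivalent
kubectl create role <name> --verb=list --verb=get --resource=pods
kubectl create role <name> --verb=list,get --resource=pods
# The slash form selects a subresource (for example pods/log), not a pod by name
kubectl create role <name> --verb=list,get --resource=pods/<subresource>
# To restrict the rule to one named pod, use --resource-name
kubectl create role <name> --verb=list,get --resource=pods --resource-name=<pod-name>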
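
The rules that the plain, slash and --resource-name forms of --resource produce, written out as manifests, with a ClusterRole for contrast. This is an added example, not part of the original page; the namespace demo, the role names and the pod name web-0 are hypothetical.

```yaml
# Added example; demo, web-0 and all role names are hypothetical.
# 1) --verb=list,get --resource=pods : every pod in the namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo          # a Role always belongs to one namespace
rules:
- apiGroups: [""]          # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["list", "get"]
---
# 2) --resource=pods/log : the part after the slash is a subresource,
#    so this grants reading pod logs, not access to a pod called "log"
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-log-reader
  namespace: demo
rules:
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
---
# 3) --resource=pods --resource-name=web-0 : one named pod only
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: web-0-reader
  namespace: demo
rules:
- apiGroups: [""]
  resources: ["pods"]
  resourceNames: ["web-0"]
  verbs: ["list", "get"]
---
# 4) The rule from (1) as a ClusterRole: no namespace field,
#    because the object itself is cluster-scoped
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader-global
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["list", "get"]
```

Appending --dry-run=client -o yaml to any of the kubectl create role commands prints the manifest without creating the object, which is a quick way to check what a flag combination really grants. With resourceNames set, an unfiltered list of pods is not authorized; a list request has to carry a metadata.name field selector that matches the named pod.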

To get the list of available resources:

kubectl api-resources

To get the list of verbs related to a particular resource (shown in the VERBS column):

kubectl api-resources -o wide
