Kubernetes: RoleBinding, ClusterRoleBinding
A RoleBinding in Kubernetes ties one or more ServiceAccounts, Users, and/or Groups to a particular Role or ClusterRole.
A RoleBinding grants its permissions only within a particular namespace, whereas a ClusterRoleBinding applies cluster-wide.
Binding Role to ServiceAccount:
kubectl create rolebinding <name> --role=<role-name> --serviceaccount=<sa1-namespace>:<sa1-name> --serviceaccount=<sa2-namespace>:<sa2-name>
Binding Role to User:
kubectl create rolebinding <name> --role=<role-name> --user=user1 --user=user2
Binding Role to Group:
kubectl create rolebinding <name> --role=<role-name> --group=group1 --group=group2
Once the binding exists, you can check the resulting permissions with:
kubectl auth can-i --list
kubectl auth can-i --list --as system:serviceaccount:<sa-namespace>:<sa-name>
kubectl auth can-i --list --as <user-name>
kubectl auth can-i --list --as-group <group-name> --as <any-user-name-valid-or-not-valid>
kubectl auth can-i <verb> <resource>
kubectl auth can-i get pods
kubectl auth can-i delete pods
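To review existing bindings rather than one you just created, the same checks can be generated for every subject. This is an added example, not part of the original post: it walks binding objects shaped like the output of `kubectl get rolebindings,clusterrolebindings -A -o json` and builds the matching `kubectl auth can-i --list` command per subject. The sample data, the function names and the `rbac-check` placeholder user are assumptions made for illustration.

```python
import shlex

# Constructed sample, shaped like `kubectl get rolebindings,clusterrolebindings -A -o json`.
SAMPLE = {"items": [
    {"kind": "RoleBinding",
     "metadata": {"name": "app-readers", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [
         {"kind": "ServiceAccount", "namespace": "ci", "name": "deployer"},
         {"kind": "User", "name": "user1"},
         {"kind": "Group", "name": "group1"}]},
    {"kind": "ClusterRoleBinding",
     "metadata": {"name": "ops-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "group2"}]},
]}

PLACEHOLDER_USER = "rbac-check"  # hypothetical; --as-group needs some --as value


def impersonation_flags(subject):
    """Map a binding subject to the --as/--as-group flags used on the page."""
    kind, name = subject["kind"], subject["name"]
    if kind == "ServiceAccount":
        return ["--as", f"system:serviceaccount:{subject['namespace']}:{name}"]
    if kind == "User":
        return ["--as", name]
    if kind == "Group":
        return ["--as-group", name, "--as", PLACEHOLDER_USER]
    raise ValueError(f"unknown subject kind: {kind}")


def check_commands(binding_list):
    """Return (binding, role, command) for every subject of every binding."""
    out = []
    for b in binding_list["items"]:
        meta, ref = b["metadata"], b["roleRef"]
        # A RoleBinding only grants inside its own namespace, so check there.
        scope = ["-n", meta["namespace"]] if b["kind"] == "RoleBinding" else []
        for subject in b.get("subjects") or []:
            cmd = ["kubectl", "auth", "can-i", "--list", *impersonation_flags(subject), *scope]
            out.append((f"{b['kind']}/{meta['name']}",
                        f"{ref['kind']}/{ref['name']}", shlex.join(cmd)))
    return out


if __name__ == "__main__":
    for binding, role, command in check_commands(SAMPLE):
        print(f"{binding} -> {role}\n    {command}")
```

Running the generated commands requires that your own account is allowed to impersonate the listed users, groups and service accounts.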