Kubernetes 101: Cluster Roles and Cluster Role Bindings



Namespaced resources:

Namespaces are a Linux concept that helps isolate resources from each other, so that some processes see one set of resources while other processes see another.

Pods, Deployments and ReplicaSets, for example, are namespaced resources: they live in namespaces.
We can display the namespaced resources using the command below:


Non-namespaced resources:

Nodes, on the other hand, are not namespaced: they live in the Kubernetes cluster and are not tied to any namespace.
We don't mention namespaces when we create non-namespaced resources.
We can display these resources using:


ClusterRoles and ClusterRoleBindings:

We give access to non-namespaced resources using ClusterRoles, and we assign ClusterRoles to users using ClusterRoleBindings.
ClusterRoles are the cluster-wide equivalent of Roles.

Example:

A kubernetes-administrator user can create, delete and list pods.
Below is the configuration file for the ClusterRole:

kubernetes-admin-role.yaml


We create the role using the command below:


We now need to assign the kubernetes-administrator user to the kubernetes-administrator-role using a ClusterRoleBinding, which binds the user to the role:



We create the role binding using the command below:



Remark:

We can also create a ClusterRole for namespaced resources; in that case the user will have access to those namespaced resources across the whole cluster, in every namespace.
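
The ClusterRole and ClusterRoleBinding from the example above, written out as an added manifest; this is not the author's original file. The binding name and keeping both objects in one file are assumptions, and because pods are namespaced this is also the case described in the remark: the grant applies in every namespace.

```yaml
# Added example, not the author's original kubernetes-admin-role.yaml.
# Assumed names: kubernetes-administrator-role (role), kubernetes-administrator-binding (binding).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRoles are not namespaced, so there is no metadata.namespace field.
  name: kubernetes-administrator-role
rules:
  - apiGroups: [""]                      # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["create", "delete", "list"]  # only the three verbs named in the example
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-administrator-binding
subjects:
  - kind: User
    # Must match the user name the cluster's authentication layer presents.
    name: kubernetes-administrator
    apiGroup: rbac.authorization.k8s.io
roleRef:
  # roleRef cannot be changed after creation; to point the binding at another
  # role, delete the binding and create it again.
  kind: ClusterRole
  name: kubernetes-administrator-role
  apiGroup: rbac.authorization.k8s.io
# Apply both objects:
#   kubectl apply -f kubernetes-admin-role.yaml
# Check what the binding grants, impersonating the user:
#   kubectl auth can-i list pods --all-namespaces --as kubernetes-administrator
#   kubectl auth can-i get secrets --all-namespaces --as kubernetes-administrator
```

If the user only needs these verbs in a single namespace, referencing the same ClusterRole from a namespaced RoleBinding instead of a ClusterRoleBinding limits the grant to that namespace.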
