Kubernetes 101: RBAC - Accounts, Roles and RoleBindings



Kubernetes roles:

Roles are the bridge that connects permissions to Kubernetes objects: a role is a list of rules, and each rule names the API groups, the resource types (pods, services...) and the verbs that are allowed on them.

The verbs are the RBAC counterpart of Create, Read, Update and Delete: create; get, list and watch for reading; update and patch; delete and deletecollection. Kubernetes RBAC is purely additive, so a subject only receives what some rule explicitly lists and there is no deny rule.

Below is an example of a role in a YAML file format:
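The manifest below is an added example and not the post's own file; the role name "pod-role", the namespace "default" and the resources it grants are assumptions chosen to match the RoleBinding discussed later on this page.

```yaml
# Added example (not from the original post); the role name "pod-role",
# the namespace "default" and the resources listed are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-role
  namespace: default        # a Role lives in exactly one namespace
rules:
  # The core API group (served at /api/v1) is written as the empty string "".
  - apiGroups: [""]
    resources: ["pods", "pods/log"]   # pods/log is a subresource of pods
    verbs: ["get", "list", "watch"]
  # create and delete are separate verbs; list only what the subject needs
  # so the role stays least-privilege.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create", "delete"]
  # Deployments belong to the "apps" group (served at /apis/apps/v1).
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]
```

Apply it with `kubectl apply -f pod-role.yaml` and inspect the result with `kubectl describe role pod-role -n default`. Avoid the wildcard `"*"` in `verbs` or `resources`: it silently grows with every API the cluster adds.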


The apiGroups field names the API group that each resource belongs to. The Kubernetes core group (pods, services, nodes...) is served under "/api/v1" and is written as the empty string "" in apiGroups; named groups such as apps (Deployments) are served under "/apis/<group>/<version>".

A Role spans a single namespace and a ClusterRole spans the entire cluster.
A ClusterRole is used for non-namespaced objects (nodes, persistent volumes, namespaces themselves), for non-resource endpoints such as /healthz, or to grant access to namespaced objects across every namespace.

A clusterRole could be defined as below:
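The following ClusterRole is an added example, not a manifest from the original post; the name "node-reader" and the rules it carries are assumptions.

```yaml
# Added example (not from the original post); the name "node-reader" is an assumption.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader         # no metadata.namespace: ClusterRoles are cluster-scoped
rules:
  # Nodes and PersistentVolumes are not namespaced, so only a ClusterRole
  # can grant access to them.
  - apiGroups: [""]
    resources: ["nodes", "persistentvolumes"]
    verbs: ["get", "list", "watch"]
  # Non-resource endpoints have no API group or resource; they are granted
  # by URL, and again only from a ClusterRole.
  - nonResourceURLs: ["/healthz", "/version"]
    verbs: ["get"]
```

`kubectl get clusterrole node-reader -o yaml` shows the object as stored; by itself a ClusterRole grants nothing until a binding references it.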


Note the absence of the namespace field: a ClusterRole is not a namespaced object.

RoleBindings:

A RoleBinding connects a Role to one or more subjects (users, groups or service accounts) within a namespace. It may also reference a ClusterRole, in which case the ClusterRole's permissions are granted only inside the binding's namespace.
A ClusterRoleBinding does the same for a ClusterRole across the whole cluster.

Below is an example of a Rolebinding:


The above YAML file assigns the "pod-role" Role to a service account called user-1 and to a User named "user-2", in the default namespace.

The Role being granted, "pod-role", appears in the "roleRef" section of the YAML file. The roleRef of a binding cannot be changed after creation, so granting a different role means deleting the binding and creating a new one.

Remark:

Service accounts, as opposed to user accounts, are meant for processes running inside a pod and not for people. They are namespaced Kubernetes objects and are addressed in bindings as system:serviceaccount:<namespace>:<name>, whereas users are not stored in Kubernetes at all: the API server learns a user name from a client certificate, a token or an external identity provider.
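As an added example (not from the original post), this is how a process in a pod ends up acting as a service account: the ServiceAccount is created in a namespace and the pod names it in its spec. The pod name and container image are assumptions.

```yaml
# Added example (not from the original post); the pod name and the image are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: user-1
  namespace: default        # service accounts are namespaced objects
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-lister
  namespace: default
spec:
  serviceAccountName: user-1          # the process in this pod acts as user-1
  automountServiceAccountToken: true  # set to false for pods that never talk to the API
  containers:
    - name: main
      image: bitnami/kubectl:latest   # assumed image; anything carrying kubectl would do
      command: ["kubectl", "get", "pods", "-n", "default"]
```

With the token mounted, kubectl inside the container authenticates as system:serviceaccount:default:user-1 and gets exactly the permissions bound to that service account; with no RoleBinding for user-1 the call fails with 403 Forbidden, which is the expected default.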
