Kubernetes roles:

Roles are the bridge that connect permissions to different kubernetes objects.


A
role is made up of kubernetes objects (services, pods...) and verbs, or action for example - Create, Read, Update and Delete -

Below is an example of a role in a YAML file format:


The apiGroups represent the groups that the resource belongs to, for example the kubernetes core API group could be found in "/api/v1".

Roles span a namespace and a clusterRoles span the entire cluster. 
A clusterRole is usually used for the non-namespaced objects.

A clusterRole could be defined as below:


We notice the absence of namespace field.

Rolebindings:

A RoleBinding object connects a Role to a user, group or service account
A clusterRoleBinding does the same for a cluster role.

Below is an example of a Rolebinding:


The above Yaml file assigns the "pod-role" role to a service account called user-1, and a User named "user-2" in the default namespace.

We could also see the role 
- "pod-role- in the Yaml file in the "roleRef"  section.

Remark:

Service accounts as opposed to user accounts are accounts meant for processes that are running inside a pod and not for regular users.
Brando Sabatini and Ikbal C ©. Powered by Blogger.