Kubernetes 101 : RBAC - Accounts, Roles and RoleBindings -

Kubernetes roles:

Roles are the bridge that connect permissions to different kubernetes objects.

role is made up of kubernetes objects (services, pods...) and verbs, or action for example - Create, Read, Update and Delete -

Below is an example of a role in a YAML file format:

The apiGroups represent the groups that the resource belongs to, for example the kubernetes core API group could be found in "/api/v1".

Roles span a namespace and a clusterRoles span the entire cluster. 
A clusterRole is usually used for the non-namespaced objects.

A clusterRole could be defined as below:

We notice the absence of namespace field.


A RoleBinding object connects a Role to a user, group or service account
A clusterRoleBinding does the same for a cluster role.

Below is an example of a Rolebinding:

The above Yaml file assigns the "pod-role" role to a service account called user-1, and a User named "user-2" in the default namespace.

We could also see the role 
- "pod-role- in the Yaml file in the "roleRef"  section.


Service accounts as opposed to user accounts are accounts meant for processes that are running inside a pod and not for regular users.


Leave as a comment: