Kubernetes 101 : Default and user-defined roles

After its installation, kubernetes creates a bunch of default roles. These roles are what define the "rights" of a kubernetes account in the cluster.

We can "bind" these roles to kubernetes accounts using  a roleBinding object.

Below we have a short description of some of the default roles in kubernetes:
  • cluster-admin role : gives accounts read-write access to all the resources throughout the cluster.
  • admin role : gives accounts read-write access to resources in namespaces.
  • edit role : gives accounts read-write access to resources - besides roles and roleBindings - in namespace . 
  • view : gives accounts read-only access to resources in namespaces.
We could create roles using the command line as follows:

The "role_1" role is related to pods and it allows the actions or verbs "list, get".


We can use the wildcard “*” to refer to all the verbs and resources.
If we don't mention resource names the role will apply to all the resources.

Below is another example of a role in a Yaml file format:

Pods use an empty string as their API version because they belong to the main/core group. 

After our role is created using the "kubectl apply" command, we can check it using the below command: 


Leave as a comment: