Kubernetes 101 : Role-based access control aggregation - RBAC - rules

We can combine different ClusterRoles through the use of labels.

The ClusterRole "pods" allows us to list pods, the ClusterRole
"services" allows to list services.

The below Yaml file describes the ClusterRole named "pods" for listing pods:

The below Yaml file describes the ClusterRole named "services" for listing services:

To combine the above ClusterRoles, we can specify an aggregationRule which describes the labels for these

The rule field will have all the ClusterRoles that match the labels in the matchLabels field.

We could check our ClusterRole using the below command:

The aggregationRule specifies "matchLabels" fields that kubernetes uses to match other ClusterRole objects that should be combined into the "aggregate" ClusterRole.


Leave as a comment: