Kubernetes RBAC Operations

From NovaOrdis Knowledge Base

Internal

List Cluster Roles

kubectl get clusterroles

Get Details about a Specific Cluster Role

kubectl get clusterroles cluster-admin -o yaml

List Cluster Role Bindings

kubectl get clusterrolebindings

Get Details about a Specific Cluster Role Binding

kubectl get clusterrolebindings cluster-admin -o yaml

Create a Role

With Metadata

With CLI

kubectl -n <namespace-name> create role <role-name> --verb=use --resource=podsecuritypolicy --resource-name=example

Create a Role Binding

With Metadata

With CLI

kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --serviceaccount=<namespace-name>:<service-account-name>
kubectl -n <namespace-name> create rolebinding <role-binding-name> --role=<role-name> --user=<user-name>

It is sometimes convenient to use the same name for the role and its role binding.
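The manifest form of the two CLI commands above (the Role from "Create a Role" and the RoleBinding from "Create a Role Binding"), written as an added example rather than taken from the knowledge base. The namespace blue, the role/binding name use-example-psp, the service account blue-serviceaccount and the user jane are assumed values; the rule mirrors the `--verb=use --resource=podsecuritypolicy --resource-name=example` command, which only applies to clusters older than 1.25, where the PodSecurityPolicy API still exists.

```yaml
# Added example: Role and RoleBinding sharing one name, in namespace "blue" (assumed).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: blue              # assumed namespace
  name: use-example-psp        # assumed name, reused for the binding below
rules:
  # Equivalent of: kubectl create role ... --verb=use --resource=podsecuritypolicy --resource-name=example
  # "podsecuritypolicy" lives in the "policy" API group; resourceNames restricts the
  # grant to the single policy named "example" instead of every policy in the cluster.
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["example"]
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: blue
  name: use-example-psp        # same name as the Role, per the convention above
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-example-psp
subjects:
  # Equivalent of --serviceaccount=blue:blue-serviceaccount (assumed service account)
  - kind: ServiceAccount
    name: blue-serviceaccount
    namespace: blue
  # Equivalent of --user=jane (assumed user name); users carry the RBAC apiGroup
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: jane
```

Rather than writing the rule by hand, the same manifest can be produced from the CLI command with `kubectl create role ... --dry-run=client -o yaml`, which also resolves the resource's API group for you; the resourceNames restriction is what keeps the grant at least-privilege scope, since omitting it lets the subjects use every policy.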

Create a Cluster Role Binding

With Metadata

With CLI

kubectl create clusterrolebinding some-clusterrole-binding --clusterrole=some-clusterrole --serviceaccount=some-namespace:some-sa

Assigning a Cluster Role to a Service Account

Using Metadata

Apply the following manifest with kubectl apply -f:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: blue-default-service-account-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: blue

With CLI

kubectl create rolebinding -n <namespace> <role-binding-name> --clusterrole=<clusterrole-name> --serviceaccount=<namespace>:<serviceaccount-name>
kubectl create rolebinding -n blue edit-blue-serviceaccount-binding --clusterrole=edit --serviceaccount=blue:blue-serviceaccount
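The manifest equivalent of the second command above, added here as an example and not part of the knowledge base page. A RoleBinding that references a ClusterRole grants that role's permissions only inside the binding's namespace, which is the least-privilege counterpart to the ClusterRoleBinding in the previous section, where cluster-admin is handed to every pod running under the blue namespace's default service account. The binding name and the service account blue-serviceaccount are taken from the command; the verification commands in the note below assume that service account exists.

```yaml
# Added example: namespace-scoped grant of the built-in "edit" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: blue                          # permissions apply in this namespace only
  name: edit-blue-serviceaccount-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole                        # a ClusterRole can be referenced from a RoleBinding
  name: edit                               # built-in aggregated role, no cluster-scope access
subjects:
  - kind: ServiceAccount
    name: blue-serviceaccount
    namespace: blue
```

To confirm the scope after applying it, impersonate the service account with `kubectl auth can-i create pods -n blue --as=system:serviceaccount:blue:blue-serviceaccount` (expected: yes) and repeat against another namespace or with `kubectl auth can-i list nodes --as=system:serviceaccount:blue:blue-serviceaccount` (expected: no); `kubectl auth can-i --list -n blue --as=system:serviceaccount:blue:blue-serviceaccount` prints the full effective rule set.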