ClusterRoleBindings
Similar to a RoleBinding, a ClusterRoleBinding grants the permissions defined in a ClusterRole to a set of users, but it applies cluster-wide.
ClusterRoleBindings.yaml: In this ClusterRoleBinding, the ‘node-reader’ ClusterRole is assigned to the user ‘john’, allowing ‘john’ to read Node information across the entire cluster.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-nodes
subjects:
- kind: User
  name: john
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
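To show what this binding actually grants, the following added example (not part of the original article) models how a ClusterRoleBinding resolves to rules and how a request is checked against them. It is a simplified model, not the API server's authorizer; the rules of 'node-reader' and the 'dangling' binding for 'jane' are assumptions constructed for illustration.

```python
# Simplified model of RBAC evaluation for cluster-scoped bindings.
# Not the API server's authorizer: no aggregation, resourceNames or nonResourceURLs.

# Manifests as Python dicts. The first binding mirrors the one above; the rules
# of 'node-reader' are an assumption, since its ClusterRole is not shown here.
CLUSTER_ROLES = [
    {"metadata": {"name": "node-reader"},
     "rules": [{"apiGroups": [""], "resources": ["nodes"],
                "verbs": ["get", "list", "watch"]}]},
]
CLUSTER_ROLE_BINDINGS = [
    {"metadata": {"name": "read-nodes"},
     "subjects": [{"kind": "User", "name": "john"}],
     "roleRef": {"kind": "ClusterRole", "name": "node-reader"}},
    # Constructed edge case: roleRef names a ClusterRole that does not exist.
    {"metadata": {"name": "dangling"},
     "subjects": [{"kind": "User", "name": "jane"}],
     "roleRef": {"kind": "ClusterRole", "name": "missing-role"}},
]


def _matches(allowed, value):
    """A rule field matches on an exact entry or the '*' wildcard."""
    return "*" in allowed or value in allowed


def rules_for(user, bindings=CLUSTER_ROLE_BINDINGS, roles=CLUSTER_ROLES):
    """Collect every rule reachable from the user's ClusterRoleBindings."""
    by_name = {r["metadata"]["name"]: r for r in roles}
    found = []
    for b in bindings:
        bound = any(s["kind"] == "User" and s["name"] == user
                    for s in b.get("subjects", []))
        role = by_name.get(b["roleRef"]["name"])
        if bound and role:  # a binding to a missing role grants nothing
            found.extend(role.get("rules", []))
    return found


def can_i(user, verb, resource, api_group=""):
    """RBAC is additive and default-deny: allow only if some rule matches."""
    return any(_matches(r["apiGroups"], api_group)
               and _matches(r["resources"], resource)
               and _matches(r["verbs"], verb)
               for r in rules_for(user))


if __name__ == "__main__":
    for user, verb, res in [("john", "list", "nodes"), ("john", "delete", "nodes"),
                            ("john", "list", "pods"), ("jane", "list", "nodes")]:
        print(f"{user} {verb} {res}: {'yes' if can_i(user, verb, res) else 'no'}")
```

On a live cluster, `kubectl auth can-i list nodes --as john` asks the API server the same question.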
How To Use Kubernetes RBAC (Role-Based Access Control)?
In a nutshell, Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. In the context of Kubernetes, RBAC is a security feature that controls access to resources within your cluster. It allows you to specify what actions a user or a group of users can and cannot perform. This is vital in a team environment, where not everyone should have full, unrestricted access to all resources.
Before we go further, let’s briefly understand the architecture of Kubernetes. Kubernetes follows a master-worker node architecture. The master node is responsible for maintaining the desired state (like which applications or other workloads should be running and which nodes they live on), and the worker nodes actually run the workloads.