- Role-Based Access Control (RBAC) is a way of regulating access to entities like storage, network etc.
- RBAC authorization uses
There are 4 kinds of Kubernetes objects
A Role allows you to set permissions within a particular namespace.
A ClusterRole can be used to grant the same permissions as a Role. It is a non-namespaced resource and has several uses:
- Define permissions on namespaced resources and be granted within individual namespace(s)
- Define permissions on namespaced resources and be granted across all namespaces
- Define permissions on cluster-scoped resources
A role binding grants the permissions defined in a role to a user or set of users. It uses a list of subjects (users, groups, or service accounts), and a reference to the role being granted.
A RoleBinding grants permissions within a specific namespace whereas a ClusterRoleBinding grants that access cluster-wide.
To grant permissions across a whole cluster, you can use a ClusterRoleBinding.
After you create a binding, you cannot change the Role or ClusterRole that it refers to. If you try to change a binding’s roleRef, you get a validation error. If you do want to change the roleRef for a binding, you need to remove the binding object and create a replacement.