- Roles / RoleBindings
A Role represents a set of permissions within a particular namespace. E.g., a given user can list pods/services within the namespace. The RoleBinding is used for granting the permissions defined in a role to a user or group of users. Applications may create roles and rolebindings within their namespace; however, the scope of a role will be limited to the same permissions that the creator has or less.
See test case access-control-pod-role-bindings
- ClusterRole / ClusterRoleBinding
A ClusterRole represents a set of permissions at the cluster level that can be used by multiple namespaces. The ClusterRoleBinding is used for granting the permissions defined in a ClusterRole to a user or group of users at a namespace level. Applications are not permitted to install cluster roles or create cluster role bindings. This is an administrative activity done by cluster administrators. Workloads should not use cluster roles; exceptions can be granted to allow this, however this is discouraged.
See Using RBAC to define and apply permissions for more information.
Important
Workload requirement
Workloads may not create
See test case access-control-cluster-role-bindings
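
The rules above, applied as a pre-deployment check over a workload's RBAC objects in the JSON form that kubectl get -o json returns. This is an added example, not code from the original page or from the test cases it references; the manifests, the namespace app-ns, and the audit_rbac helper are constructed for illustration, and treating a RoleBinding that references a ClusterRole as a warning is an assumption based on the "discouraged, exception required" wording.

```python
import json

# Constructed sample manifests for one workload living in namespace "app-ns".
SAMPLE_MANIFESTS = json.loads("""
[
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "app-ns"},
  "rules": [{"apiGroups": [""], "resources": ["pods", "services"], "verbs": ["list"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "read-pods", "namespace": "app-ns"},
  "subjects": [{"kind": "ServiceAccount", "name": "app-sa", "namespace": "app-ns"}],
  "roleRef": {"kind": "Role", "name": "pod-reader", "apiGroup": "rbac.authorization.k8s.io"}},
 {"kind": "RoleBinding", "metadata": {"name": "use-view", "namespace": "app-ns"},
  "subjects": [{"kind": "ServiceAccount", "name": "app-sa", "namespace": "app-ns"}],
  "roleRef": {"kind": "ClusterRole", "name": "view", "apiGroup": "rbac.authorization.k8s.io"}},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "app-cluster-wide"},
  "subjects": [{"kind": "ServiceAccount", "name": "app-sa", "namespace": "app-ns"}],
  "roleRef": {"kind": "ClusterRole", "name": "view", "apiGroup": "rbac.authorization.k8s.io"}}
]
""")

CLUSTER_SCOPED = {"ClusterRole", "ClusterRoleBinding"}

def audit_rbac(manifests, workload_namespace):
    """Return (severity, object, reason) findings for a workload's RBAC objects."""
    findings = []
    for obj in manifests:
        kind = obj.get("kind", "")
        meta = obj.get("metadata", {})
        ident = f"{kind}/{meta.get('name', '?')}"
        if kind in CLUSTER_SCOPED:
            # Installing cluster roles or bindings is reserved for cluster administrators.
            findings.append(("fail", ident, "cluster-scoped RBAC object shipped by workload"))
        elif kind in {"Role", "RoleBinding"}:
            # Roles and rolebindings are only allowed inside the workload's own namespace.
            if meta.get("namespace") != workload_namespace:
                findings.append(("fail", ident, "defined outside the workload namespace"))
            # A namespaced binding can still pull in a ClusterRole through roleRef.
            if kind == "RoleBinding" and obj.get("roleRef", {}).get("kind") == "ClusterRole":
                findings.append(("warn", ident, "binds a ClusterRole; needs an exception"))
    return findings

if __name__ == "__main__":
    for severity, ident, reason in audit_rbac(SAMPLE_MANIFESTS, "app-ns"):
        print(f"{severity.upper():4} {ident}: {reason}")
```
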