Link Search Menu Expand Document

RoleBinding

role-binding.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
# You need to already have a Role named "pod-reader" in that namespace.
kind: RoleBinding
metadata:
  name: rbac-role-binding-role-binding
subjects:
  # You can specify more than one "subject"
  - kind: User
    name: jane  # "name" is case sensitive
    apiGroup: rbac.authorization.k8s.io
roleRef:
  # "roleRef" specifies the binding to a Role / ClusterRole
  kind: Role  # this must be Role or ClusterRole
  # this must match the name of the Role or ClusterRole you wish to bind to
  name: rbac-role-binding-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: rbac-role-binding-role
rules:
  - apiGroups: [""]  # "" indicates the core API group
    resources: ["pods"]
    verbs: ["get", "watch", "list"]

https://kubernetes.io/docs/reference/access-authn-authz/rbac/