ClusterRoleBinding rbac.authorization.k8s.io/v1
ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
Fields
- apiVersion:
rbac.authorization.k8s.io/v1 - kind:
ClusterRoleBinding - metadata (ObjectMeta)
-
Standard object's metadata.
- roleRef (RoleRef)
-
RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.
RoleRef contains information that points to the role being used
- roleRef.kind (string)
Kind is the type of resource being referenced
- roleRef.name (string)
Name is the name of resource being referenced
- roleRef.apiGroup (string)
APIGroup is the group for the resource being referenced
- subjects ([]Subject)
-
Subjects holds references to the objects the role applies to.
Subject
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
- kind (string)
-
kindindicates which one of the other fields is non-empty. Required - group (GroupSubject)
-
groupmatches based on user group name.GroupSubject holds detailed information for group-kind subject.
- group.name (string)
name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
- serviceAccount (ServiceAccountSubject)
-
serviceAccountmatches ServiceAccounts.ServiceAccountSubject holds detailed information for service-account-kind subject.
- serviceAccount.name (string)
nameis the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.- serviceAccount.namespace (string)
namespaceis the namespace of matching ServiceAccount objects. Required.
- user (UserSubject)
-
usermatches based on username.UserSubject holds detailed information for user-kind subject.
- user.name (string)
nameis the username that matches, or "*" to match all usernames. Required.
ClusterRoleBindingList
ClusterRoleBindingList is a collection of ClusterRoleBindings
- apiVersion:
rbac.authorization.k8s.io/v1 - kind:
ClusterRoleBindingList - metadata (ListMeta)
-
Standard object's metadata.
- items ([]ClusterRoleBinding)
-
Items is a list of ClusterRoleBindings