
ClusterRoleBinding rbac.authorization.k8s.io/v1

ClusterRoleBinding references a ClusterRole, but does not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.

Fields

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata (ObjectMeta)

Standard object's metadata.

roleRef (RoleRef)

RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.

RoleRef contains information that points to the role being used.

roleRef.kind (string)

Kind is the type of resource being referenced.

roleRef.name (string)

Name is the name of the resource being referenced.

roleRef.apiGroup (string)

APIGroup is the group for the resource being referenced.
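
A pre-apply check built from the roleRef rules above, as an added example that is not part of the Kubernetes reference or code base. The function name, the dict-based manifests and the sample binding names are assumptions made for illustration; manifests are taken as already parsed from YAML or JSON.

```python
# Added example: validate a ClusterRoleBinding's roleRef before applying it.
# All sample objects below are constructed; binding names are hypothetical.
RBAC_GROUP = "rbac.authorization.k8s.io"


def check_role_ref(new, known_cluster_roles, live=None):
    """Return a list of findings for the roleRef of manifest `new`.

    known_cluster_roles: names of ClusterRoles that exist in the cluster.
    live: the binding currently stored under the same name, or None.
    """
    findings = []
    ref = new.get("roleRef") or {}
    for field in ("kind", "name", "apiGroup"):
        if not ref.get(field):
            findings.append(f"roleRef.{field} is missing or empty")
    if ref.get("kind") and ref["kind"] != "ClusterRole":
        findings.append(f"roleRef.kind is {ref['kind']!r}; only ClusterRole is allowed")
    if ref.get("apiGroup") and ref["apiGroup"] != RBAC_GROUP:
        findings.append(f"roleRef.apiGroup is {ref['apiGroup']!r}, expected {RBAC_GROUP!r}")
    # Only try to resolve the name when the kind is the one a binding may use.
    if (ref.get("kind") == "ClusterRole" and ref.get("name")
            and ref["name"] not in known_cluster_roles):
        findings.append(f"roleRef.name {ref['name']!r} does not resolve to a ClusterRole")
    # roleRef is immutable: an update that re-points the binding is rejected,
    # so a differing roleRef means delete-and-recreate, which deserves review.
    if live is not None and live.get("roleRef") != new.get("roleRef"):
        findings.append("roleRef differs from the live object; the field is immutable")
    return findings


LIVE = {"apiVersion": f"{RBAC_GROUP}/v1", "kind": "ClusterRoleBinding",
        "metadata": {"name": "ci-readers"},
        "roleRef": {"kind": "ClusterRole", "name": "view", "apiGroup": RBAC_GROUP}}
ESCALATED = {**LIVE, "roleRef": {**LIVE["roleRef"], "name": "cluster-admin"}}
WRONG_KIND = {**LIVE, "roleRef": {**LIVE["roleRef"], "kind": "Role"}}
KNOWN = {"view", "edit", "cluster-admin"}

if __name__ == "__main__":
    for label, manifest in (("unchanged", LIVE), ("escalated", ESCALATED),
                            ("wrong kind", WRONG_KIND)):
        print(label, check_role_ref(manifest, KNOWN, live=LIVE))
```

The "escalated" case is the one worth alerting on in review: the manifest is well-formed, yet it re-points an existing binding at a different ClusterRole.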

subjects ([]Subject)

Subjects holds references to the objects the role applies to.

Subject

Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator: by user, group, or service account.

kind (string)

kind indicates which one of the other fields is non-empty. Required.

group (GroupSubject)

group matches based on user group name.

GroupSubject holds detailed information for group-kind subject.

group.name (string)

name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.

serviceAccount (ServiceAccountSubject)

serviceAccount matches ServiceAccounts.

ServiceAccountSubject holds detailed information for service-account-kind subject.

serviceAccount.name (string)

name is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.

serviceAccount.namespace (string)

namespace is the namespace of matching ServiceAccount objects. Required.

user (UserSubject)

user matches based on username.

UserSubject holds detailed information for user-kind subject.

user.name (string)

name is the username that matches, or "*" to match all usernames. Required.

ClusterRoleBindingList

ClusterRoleBindingList is a collection of ClusterRoleBindings.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBindingList
metadata (ListMeta)

Standard object's metadata.

items ([]ClusterRoleBinding)

Items is a list of ClusterRoleBindings.