
RoleBinding rbac.authorization.k8s.io/v1

A RoleBinding references a role but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It specifies who receives the role through Subjects, and the namespace it exists in determines where the grant applies. A RoleBinding in a given namespace only has effect in that namespace.

Fields

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata (ObjectMeta)

Standard object's metadata.

roleRef (RoleRef)

RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.

RoleRef contains information that points to the role being used.

roleRef.kind (string)

Kind is the type of resource being referenced

roleRef.name (string)

Name is the name of resource being referenced

roleRef.apiGroup (string)

APIGroup is the group for the resource being referenced
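
The roleRef rules above (same-namespace Role or global ClusterRole, an error when the reference cannot be resolved, immutability on update) can be modelled in a few lines. This is an added example, not Kubernetes source code; `resolve_role_ref`, `check_update`, `binding`, and the sample roles are hypothetical names and constructed data.

```python
# Added example: a simplified model of roleRef semantics, not Kubernetes source.
RBAC_GROUP = "rbac.authorization.k8s.io"


class RoleRefError(Exception):
    """A roleRef could not be resolved, or an update tried to change it."""


def resolve_role_ref(binding, roles, cluster_roles):
    """Return (rules, namespace the grant applies in) for a RoleBinding dict.

    roles maps (namespace, name) -> rules; cluster_roles maps name -> rules.
    """
    ns = binding["metadata"]["namespace"]
    ref = binding["roleRef"]
    if ref.get("apiGroup") != RBAC_GROUP:
        raise RoleRefError(f"unsupported apiGroup {ref.get('apiGroup')!r}")
    if ref["kind"] == "Role":
        # A Role is looked up only in the binding's own namespace.
        rules = roles.get((ns, ref["name"]))
    elif ref["kind"] == "ClusterRole":
        rules = cluster_roles.get(ref["name"])
    else:
        raise RoleRefError(f"unsupported kind {ref['kind']!r}")
    if rules is None:
        raise RoleRefError(f"{ref['kind']} {ref['name']!r} not found")
    # Even for a ClusterRole, the grant is confined to the binding's namespace.
    return rules, ns


def check_update(old, new):
    """Reject an update that changes roleRef, since the field is immutable."""
    if old["roleRef"] != new["roleRef"]:
        raise RoleRefError("roleRef is immutable; delete and recreate the binding")
    return new


def binding(namespace, kind, name):
    """Build a constructed RoleBinding (subjects omitted for brevity)."""
    return {"apiVersion": RBAC_GROUP + "/v1", "kind": "RoleBinding",
            "metadata": {"name": "demo", "namespace": namespace},
            "roleRef": {"apiGroup": RBAC_GROUP, "kind": kind, "name": name}}


# Constructed sample data.
ROLES = {("prod", "pod-reader"): [{"resources": ["pods"], "verbs": ["get", "list"]}]}
CLUSTER_ROLES = {"view": [{"resources": ["*"], "verbs": ["get", "list", "watch"]}]}

if __name__ == "__main__":
    print(resolve_role_ref(binding("dev", "ClusterRole", "view"), ROLES, CLUSTER_ROLES))
```

A binding in `dev` that names the Role `pod-reader` fails to resolve here because that Role exists only in `prod`, which is the case an audit of dangling bindings should surface.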

subjects ([]Subject)

Subjects holds references to the objects the role applies to.

Subject

Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator: by user, group, or service account.

kind (string)

kind indicates which one of the other fields is non-empty. Required.

group (GroupSubject)

group matches based on user group name.

GroupSubject holds detailed information for group-kind subject.

group.name (string)

name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.

serviceAccount (ServiceAccountSubject)

serviceAccount matches ServiceAccounts.

ServiceAccountSubject holds detailed information for service-account-kind subject.

serviceAccount.name (string)

name is the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.

serviceAccount.namespace (string)

namespace is the namespace of matching ServiceAccount objects. Required.

user (UserSubject)

user matches based on username.

UserSubject holds detailed information for user-kind subject.

user.name (string)

name is the username that matches, or "*" to match all usernames. Required.

RoleBindingList

RoleBindingList is a collection of RoleBindings

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBindingList
metadata (ListMeta)

Standard object's metadata.

items ([]RoleBinding)

Items is a list of RoleBindings