RoleBinding rbac.authorization.k8s.io/v1
RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.
Fields
- apiVersion:
rbac.authorization.k8s.io/v1 - kind:
RoleBinding - metadata (ObjectMeta)
-
Standard object's metadata.
- roleRef (RoleRef)
-
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.
RoleRef contains information that points to the role being used
- roleRef.kind (string)
Kind is the type of resource being referenced
- roleRef.name (string)
Name is the name of resource being referenced
- roleRef.apiGroup (string)
APIGroup is the group for the resource being referenced
- subjects ([]Subject)
-
Subjects holds references to the objects the role applies to.
Subject
Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.
- kind (string)
-
kindindicates which one of the other fields is non-empty. Required - group (GroupSubject)
-
groupmatches based on user group name.GroupSubject holds detailed information for group-kind subject.
- group.name (string)
name is the user group that matches, or "*" to match all user groups. See https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go for some well-known group names. Required.
- serviceAccount (ServiceAccountSubject)
-
serviceAccountmatches ServiceAccounts.ServiceAccountSubject holds detailed information for service-account-kind subject.
- serviceAccount.name (string)
nameis the name of matching ServiceAccount objects, or "*" to match regardless of name. Required.- serviceAccount.namespace (string)
namespaceis the namespace of matching ServiceAccount objects. Required.
- user (UserSubject)
-
usermatches based on username.UserSubject holds detailed information for user-kind subject.
- user.name (string)
nameis the username that matches, or "*" to match all usernames. Required.
RoleBindingList
RoleBindingList is a collection of RoleBindings
- apiVersion:
rbac.authorization.k8s.io/v1 - kind:
RoleBindingList - metadata (ListMeta)
-
Standard object's metadata.
- items ([]RoleBinding)
-
Items is a list of RoleBindings