Role-based Access Control

Access to Kubernetes resources can be granted based on roles and the permissions associated with roles. With role-based access control (RBAC), it is possible to restrict unauthorized access to Kubernetes resources.

In Kubernetes, roles are categorized as Role and ClusterRole, and the permissions they define are granted through RoleBinding and ClusterRoleBinding.

Role and RoleBinding

A role is a set of permissions that can be granted on resources in a namespace.

Roles are used to associate resources with actions. A role specifies the actions that are allowed on one or more resources.

Resources are denoted as nouns and actions as verbs in Kubernetes. For example, a create action can be performed on a configmap resource.

A RoleBinding grants the permissions defined in a Role, that is, the allowed operations on a Kubernetes resource, to a user, a group, or a service account.

ClusterRole and ClusterRoleBinding

A ClusterRole is a set of permissions that can be granted on resources in a cluster.

A ClusterRoleBinding associates a ClusterRole with a user, a group of users, or a service account.
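
The following manifests show the four object kinds described above, side by side. This is an added example, not part of the original page; the namespace, role, service account, and group names are constructed placeholders.

```yaml
# Constructed example: demo, configmap-creator, config-writer,
# node-reader and ops-team are placeholder names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: demo              # a Role applies only inside this namespace
  name: configmap-creator
rules:
- apiGroups: [""]              # "" is the core API group, where ConfigMaps live
  resources: ["configmaps"]    # resource (noun)
  verbs: ["create"]            # action (verb); nothing else is allowed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: demo
  name: configmap-creator-binding
subjects:                      # who receives the permissions
- kind: ServiceAccount
  name: config-writer
  namespace: demo
roleRef:                       # which Role is being granted
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: configmap-creator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader            # no namespace: a ClusterRole is cluster-wide
rules:
- apiGroups: [""]
  resources: ["nodes"]         # nodes are a cluster-scoped resource
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-reader-binding
subjects:
- kind: Group
  name: ops-team
  apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-reader
```

After applying these, `kubectl auth can-i create configmaps --as=system:serviceaccount:demo:config-writer -n demo` should answer yes, while the same query with `delete` should answer no, assuming no other bindings apply to that service account.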