Cluster-level users and permissions

Get introduced to ClusterRoles and ClusterRoleBindings in Kubernetes.

So far, we’ve seen Roles and RoleBindings. However, Kubernetes has four RBAC objects:

  • Roles

  • RoleBindings

  • ClusterRoles

  • ClusterRoleBindings

Roles and RoleBindings are namespaced objects. This means we apply them to specific Namespaces. On the other hand, ClusterRoles and ClusterRoleBindings are cluster-wide objects and apply to all Namespaces. All four are defined in the same API sub-group, and their YAML structures are almost identical.

A powerful pattern is to use ClusterRoles to define roles at the cluster level and then use RoleBindings to bind them to specific Namespaces. This lets us define common roles once and re-use them in specific Namespaces, as shown in the following figure.
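The pattern described above, written out as manifests. This is an added example, not part of the original lesson; the names `pod-reader`, `read-pods`, `dev`, `staging`, `jane` and `sam` are hypothetical.

```yaml
# Added example: all object, Namespace and user names are hypothetical.
# Defined once at cluster scope; grants nothing until it is bound.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader            # no namespace field: ClusterRoles are cluster-wide
rules:
- apiGroups: [""]             # "" is the core API group, where Pods live
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
# RoleBinding in "dev": jane gets the pod-reader permissions in dev only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: dev
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole           # a RoleBinding may reference a ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# The same ClusterRole re-used in "staging" for a different user.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: staging
subjects:
- kind: User
  name: sam
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
# Binding pod-reader with a ClusterRoleBinding instead would grant these
# verbs on Pods in every Namespace; RoleBindings keep the grant scoped.
```

After applying these, `kubectl auth can-i list pods --as jane -n dev` should answer `yes`, while the same check with `-n staging` should answer `no`.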
