ClusterRole binding
A ClusterRole binding is a Kubernetes object used within the Role-Based Access Control (RBAC) system to grant permissions defined in a [[ClusterRole]] to a specific subject, such as a user, group, or [[Service Account]]^[dashboatd.install.md].
It works by defining a roleRef, which points to the ClusterRole (often a default role such as cluster-admin), and a list of subjects (such as the cluster-admin-tommy ServiceAccount) that receive its permissions^[dashboatd.install.md]. This allows for the centralized management of cluster-wide privileges^[dashboatd.install.md].
Example Configuration
The following is an example of a ClusterRoleBinding named cluster-admin-binding that grants a service account administrative privileges^[dashboatd.install.md]:
```yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-admin-binding
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  # Use the ClusterRole that Kubernetes creates by default
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: cluster-admin-tommy
  namespace: kube-system
```
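Because a binding like this one hands full cluster control to whatever runs as the service account, it is worth auditing which subjects hold cluster-admin. The following is an added example, not part of the original page: it reads JSON in the shape of `kubectl get clusterrolebindings -o json` and reports every subject bound to cluster-admin other than the built-in system:masters binding. The sample input is constructed, and the binding names view-all and empty-admin are hypothetical.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "cluster-admin-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "cluster-admin-tommy",
                "namespace": "kube-system"}]},
 {"metadata": {"name": "view-all"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
 {"metadata": {"name": "empty-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": null}
]}
""")

WATCHED_ROLES = {"cluster-admin"}
# Kubernetes' bootstrap binding: group system:masters -> cluster-admin.
EXPECTED = {("cluster-admin", "Group", "system:masters")}


def audit(binding_list, roles=WATCHED_ROLES, expected=EXPECTED):
    """Return (binding, role, subject) for each unexpected grant of a watched role."""
    findings = []
    for item in binding_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in roles:
            continue
        binding = item["metadata"]["name"]
        for s in item.get("subjects") or []:  # subjects may be null or absent
            if (binding, s.get("kind"), s.get("name")) in expected:
                continue
            if s.get("kind") == "ServiceAccount":
                # Username form the API server uses for service accounts.
                subject = f"system:serviceaccount:{s.get('namespace')}:{s['name']}"
            else:
                subject = f"{s.get('kind')}:{s.get('name')}"
            findings.append((binding, ref["name"], subject))
    return findings


if __name__ == "__main__":
    for binding, role, subject in audit(SAMPLE):
        print(f"{binding}: {subject} -> {role}")
```

Against a live cluster, pass `json.load(sys.stdin)` to `audit` and pipe in the kubectl output; extend `WATCHED_ROLES` to cover other high-privilege ClusterRoles you want tracked.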
Sources
^[dashboatd.install.md]