Kubernetesdevops~30 mins

RoleBindings and ClusterRoleBindings in Kubernetes - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

RoleBindings and ClusterRoleBindings in Kubernetes

📖 Scenario: You are managing access control in a Kubernetes cluster. You need to assign permissions to users and groups so they can perform specific actions on resources.RoleBindings and ClusterRoleBindings connect users or groups to roles that define what they can do.

🎯 Goal: Create a RoleBinding and a ClusterRoleBinding to grant permissions to a user and a group respectively.

📋 What You'll Learn

Create a RoleBinding named read-pods-binding in the default namespace

Bind the view ClusterRole to the user alice using the RoleBinding

Create a ClusterRoleBinding named admin-group-binding

Bind the cluster-admin ClusterRole to the group admins using the ClusterRoleBinding

💡 Why This Matters

🌍 Real World

Kubernetes administrators use RoleBindings and ClusterRoleBindings to control who can do what in the cluster, ensuring security and proper access.

💼 Career

Understanding RBAC in Kubernetes is essential for DevOps engineers and cloud administrators managing secure and compliant Kubernetes environments.

Progress0 / 4 steps

Create a RoleBinding YAML skeleton

Create a YAML manifest for a RoleBinding named read-pods-binding in the default namespace. Include the apiVersion, kind, metadata with name and namespace, and an empty subjects and roleRef section.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects: []
roleRef: {}
# Fill in the subjects and roleRef sections below

Need a hint?

Start with the basic structure of a RoleBinding YAML manifest.

Add the user subject to the RoleBinding

Add a subjects entry to the RoleBinding with kind: User, name: alice, and apiGroup: rbac.authorization.k8s.io.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
  # Add user alice as a subject here
roleRef: {}

Need a hint?

Use a list item under subjects with the specified keys and values.

Set the roleRef to the view ClusterRole

Set the roleRef section with apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, and name: view.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # Add roleRef details here

Need a hint?

roleRef connects the RoleBinding to the ClusterRole named view.

Create a ClusterRoleBinding for the admins group

Create a YAML manifest for a ClusterRoleBinding named admin-group-binding. Bind the cluster-admin ClusterRole to the group admins by setting subjects with kind: Group, name: admins, and apiGroup: rbac.authorization.k8s.io. Set roleRef with apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, and name: cluster-admin. Print the full YAML manifest for this ClusterRoleBinding.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view

# Add the ClusterRoleBinding YAML manifest below

Need a hint?

ClusterRoleBinding is cluster-wide and binds a group to a ClusterRole.