Kubernetes / devops / ~30 mins

Roles and ClusterRoles in Kubernetes - Mini Project: Build & Apply

Roles and ClusterRoles
📖 Scenario: You are managing access permissions in a Kubernetes cluster for a small team. You need to create specific permissions for users to control resources within a namespace and across the whole cluster.
🎯 Goal: Learn how to create a Role for namespace-specific permissions and a ClusterRole for cluster-wide permissions in Kubernetes.
📋 What You'll Learn
Create a Role YAML manifest with specific permissions in a namespace
Create a ClusterRole YAML manifest with cluster-wide permissions
Understand the difference between Role and ClusterRole
Use correct Kubernetes API syntax for Roles and ClusterRoles
💡 Why This Matters
🌍 Real World
In real Kubernetes clusters, controlling who can do what is critical for security and smooth operations. Roles and ClusterRoles help define these permissions clearly.
💼 Career
Understanding Roles and ClusterRoles is essential for Kubernetes administrators, DevOps engineers, and anyone managing cloud-native applications securely.
1. Create a Role YAML manifest
Create a YAML manifest named role.yaml that defines a Role called pod-reader in the development namespace. This Role should allow the get, watch, and list verbs on the pods resource.
Hint: Remember to specify kind: Role, the metadata.namespace, and the rules with the correct resources and verbs.

2. Create a ClusterRole YAML manifest
Create a YAML manifest named clusterrole.yaml that defines a ClusterRole called node-reader. This ClusterRole should allow the get, watch, and list verbs on the nodes resource across the entire cluster.
Hint: Use kind: ClusterRole and do not specify a namespace because ClusterRoles are cluster-wide.

3. Bind the Role to a user in the namespace
Create a YAML manifest named rolebinding.yaml that binds the pod-reader Role in the development namespace to a user named alice. Use kind: RoleBinding.
Hint: Use RoleBinding with subjects specifying the user and roleRef pointing to the Role.

4. Bind the ClusterRole to a user cluster-wide
Create a YAML manifest named clusterrolebinding.yaml that binds the node-reader ClusterRole to a user named bob across the entire cluster. Use kind: ClusterRoleBinding.
Hint: Use ClusterRoleBinding with subjects specifying the user and roleRef pointing to the ClusterRole. No namespace is needed.
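
The four manifests from the steps above, written out as an added example (not part of the original page). The binding names read-pods and read-nodes are assumptions, since the page does not name the bindings; each document belongs in the file named in its comment.

```yaml
# role.yaml: namespaced, read-only access to pods in "development"
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: development
rules:
- apiGroups: [""]            # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
# clusterrole.yaml: cluster-scoped, so metadata carries no namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]            # nodes are also in the core API group
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]
---
# rolebinding.yaml: grants pod-reader to alice, only inside "development"
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods            # assumed binding name
  namespace: development
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# clusterrolebinding.yaml: grants node-reader to bob across the cluster
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes           # assumed binding name
subjects:
- kind: User
  name: bob
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
```

Once applied, `kubectl auth can-i list pods --namespace development --as alice` checks the first binding; assuming alice has no other bindings, the same query against a different namespace should be denied, which confirms the grant stayed namespace-scoped.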