You created a ClusterRoleBinding but users report they cannot access cluster resources. Which is the most likely mistake?
medium📝 Troubleshoot Q14 of 15
Kubernetes - RBAC and Security
You created a ClusterRoleBinding but users report they cannot access cluster resources. Which is the most likely mistake?
AThe <code>subjects</code> field is missing the user names.
BThe <code>roleRef</code> kind is set to <code>Role</code> instead of <code>ClusterRole</code>.
CThe <code>ClusterRoleBinding</code> is created in a namespace.
DThe <code>apiVersion</code> is set to <code>v1</code> instead of <code>rbac.authorization.k8s.io/v1</code>.
Step-by-Step Solution
Solution:
Step 1: Check roleRef kind for ClusterRoleBinding
A ClusterRoleBinding must reference a ClusterRole in its roleRef.kind. Using Role is invalid and prevents access.
Step 2: Verify other fields
While missing subjects or wrong apiVersion cause issues, the most common cause is wrong roleRef.kind. ClusterRoleBindings are cluster-scoped and do not belong to namespaces.
Final Answer:
The roleRef kind must be ClusterRole, not Role. -> Option B
Quick Check:
ClusterRoleBinding needs ClusterRole in roleRef [OK]
Quick Trick:ClusterRoleBinding must reference ClusterRole kind [OK]
Common Mistakes:
Using Role instead of ClusterRole in roleRef
Creating ClusterRoleBinding in a namespace
Forgetting to specify subjects
Master "RBAC and Security" in Kubernetes
9 interactive learning modes - each teaches the same concept differently
