Can RBAC control access to individual resources?

In RBAC, this yaml grants access to Secrets. But what if I want a ClusterRole that grants access to specific Secrets, so that I can give a user access to some Secrets and not others?

kind: ClusterRole
  name: secret-reader
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

This can be done with resourceNames

1 Like