Hi I am new to RBAC and want to create some users which are allowed to administer their own namespace.
In RoleBinding I have the possibility to subject a user or a group.
apiVersion: rbac.authorization.k8s.io/v1 # This role binding allows "jane" to read pods in the "default" namespace. kind: RoleBinding metadata: name: ns-full-access namespace: interface-manager subjects: - kind: Group name: grp-interface-manager-admin # Name is case sensitive apiGroup: rbac.authorization.k8s.io roleRef: kind: Role #this must be Role or ClusterRole name: namespace-full-access # this must match the name of the Role or ClusterRole you wish to bind to apiGroup: rbac.authorization.k8s.io
Currently I do not have any external Active Directory integrated, so authenticating is done via certificates.
How can I bind group and user together, or does subject of kind group is only available with external auth-provider?