How can I use groups in RBAC?

Hi I am new to RBAC and want to create some users which are allowed to administer their own namespace.

In RoleBinding I have the possibility to subject a user or a group.

# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
  name: ns-full-access
  namespace: interface-manager
- kind: Group
  name:  grp-interface-manager-admin # Name is case sensitive
  kind: Role #this must be Role or ClusterRole
  name: namespace-full-access # this must match the name of the Role or ClusterRole you wish to bind to

Currently I do not have any external Active Directory integrated, so authenticating is done via certificates.

How can I bind group and user together, or does subject of kind group is only available with external auth-provider?

Thanks, Andreas

1 Like