How can I use groups in RBAC?

asp · October 1, 2019, 8:25am

Hi I am new to RBAC and want to create some users which are allowed to administer their own namespace.

In RoleBinding I have the possibility to subject a user or a group.

apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
metadata:
  name: ns-full-access
  namespace: interface-manager
subjects:
- kind: Group
  name:  grp-interface-manager-admin # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role #this must be Role or ClusterRole
  name: namespace-full-access # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io

Currently I do not have any external Active Directory integrated, so authenticating is done via certificates.

How can I bind group and user together, or does subject of kind group is only available with external auth-provider?

Thanks, Andreas

Topic		Replies	Views
About "apiGroup: rbac.authorization.k8s.io" in role binding General Discussions docs	1	1810	November 18, 2021
Multiple roleRef in RoleBinding or ClusterRoleBinding General Discussions	1	10449	January 11, 2023
RBAC for K8s secrets limited to certain pods in same namespace General Discussions	2	952	August 15, 2020
How to limit the scope of Namespace with ClusterRole? General Discussions development	4	16897	August 31, 2022
Multi-user MicroK8s microk8s docs	1	8153	July 30, 2024

How can I use groups in RBAC?

Related topics