How can I use groups in RBAC?

Hi I am new to RBAC and want to create some users which are allowed to administer their own namespace.

In RoleBinding I have the possibility to subject a user or a group.

apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
kind: RoleBinding
metadata:
  name: ns-full-access
  namespace: interface-manager
subjects:
- kind: Group
  name:  grp-interface-manager-admin # Name is case sensitive
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role #this must be Role or ClusterRole
  name: namespace-full-access # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io

Currently I do not have any external Active Directory integrated, so authenticating is done via certificates.

How can I bind group and user together, or does subject of kind group is only available with external auth-provider?

Thanks, Andreas

1 Like