Multiple roleRef in RoleBinding or ClusterRoleBinding

General Discussions
1

Does K8S RoleBinding or ClusterRoleBidning support reference using roleRef multiple roles? or do I have to create a binding for each role I want to give the user or group?

Something like this:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dev-user-binding
  namespace: xxxnamexxx
subjects:
- kind: ServiceAccount
  name: dev-user
  namespace: xxxnamexxx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  **name: tigera-ui-user**
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  **name: tigera-dev-user**

Thanks in advance

Oren

1 Like
2

According to the documenation, there can be only one roleRef which can reference only one role:
So you have to create a binding for each role you want to give to a given user or group?

kubectl explain RoleBinding     
KIND:     RoleBinding
VERSION:  rbac.authorization.k8s.io/v1

DESCRIPTION:
     RoleBinding references a role, but does not contain it. It can reference a
     Role in the same namespace or a ClusterRole in the global namespace. It
    ...

   roleRef	<Object> -required-
     RoleRef can reference a Role in the current namespace or a ClusterRole in
     the global namespace. If the RoleRef cannot be resolved, the Authorizer
     must return an error.

   subjects	<[]Object>
     Subjects holds references to the objects the role applies to.