Combining RoleBindings with Namespaces
Explore how to enhance Kubernetes cluster security by combining RoleBindings with namespaces. Understand creating namespace-specific permissions for users, enabling developers to manage resources safely within defined boundaries. Gain practical knowledge of binding roles to namespaces and verifying access controls.
The solution
The new request demanding more freedom provides an excellent opportunity to combine namespaces with RoleBindings.
We can create a dev namespace and allow a selected group of users to do almost anything in it. This should give developers enough freedom within the dev namespace while avoiding the risk of negatively impacting resources running in other namespaces.
Looking into the definition
Let’s look at the rb-dev.yml definition:
- Lines 1–4: The first section defines the dev namespace.
- Lines 8–20: The second section specifies the binding with the same name. Since we’re using RoleBinding (not ClusterRoleBinding), the effects will be limited to the dev namespace. At ...
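
A manifest of the shape described above, written here as an added example and not the page's own rb-dev.yml, so its line numbers do not match the ones referenced in the list. The user names are hypothetical, and using the built-in admin ClusterRole to stand for "almost anything" is an assumption.

```yaml
# Constructed example; not the page's rb-dev.yml.
apiVersion: v1
kind: Namespace
metadata:
  name: dev

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding            # namespaced: the grant exists only in metadata.namespace
metadata:
  name: dev                  # same name as the namespace, as the page describes
  namespace: dev
subjects:
# Hypothetical developer accounts; use the user names your cluster's
# authentication layer actually presents to the API server.
- kind: User
  name: dev-user-1
  apiGroup: rbac.authorization.k8s.io
- kind: User
  name: dev-user-2
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # Assumption: the built-in "admin" ClusterRole. The role is defined
  # cluster-wide, but referenced from a RoleBinding its rules apply only
  # to resources in the "dev" namespace.
  # Caveat: "admin" lets its holders create Roles and RoleBindings in the
  # namespace, so they can extend access to others inside dev. The built-in
  # "edit" ClusterRole is the narrower choice if that is not wanted.
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io

# Access checks to run as a cluster administrator after applying the file:
#   inside the bound namespace
#     kubectl auth can-i create deployments --namespace dev --as dev-user-1
#   outside the bound namespace
#     kubectl auth can-i create deployments --namespace default --as dev-user-1
#   cluster-scoped resource
#     kubectl auth can-i delete namespaces --as dev-user-1
#   full list of what the user may do in dev
#     kubectl auth can-i --list --namespace dev --as dev-user-1
```

Provided these users hold no other bindings, only the first check should be allowed; an allowed result on the second or third means some other RoleBinding or ClusterRoleBinding is granting access beyond dev.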