educative.io

Educative

Role Binding for Cluster Role

Isn’t this a bit strange, we are defining role bindings for cluster roles?
What is the use case of doing something like this?
Like ideally shouldn’t it be role bindings for roles and cluster role bindings for cluster roles?


Course: A Practical Guide to Kubernetes - Learn Interactively
Lesson: Creating Role Bindings - A Practical Guide to Kubernetes

i can think of a use case.
advantage is that the the cluster role can be reused for different scenarios.
the view cluster role allows for viewing in any namespace, it is cluster scoped.
by attaching it via role bindings we limit the user’s permissions to a namespace.

e.g. admin cluster role can have role bindings to

  • dev namespace for developers
  • both dev and prod namespace for tech leads.

Course: A Practical Guide to Kubernetes - Learn Interactively
Lesson: Creating Role Bindings - A Practical Guide to Kubernetes