Repositories
v1v

kubernetes/authorization-resources

v1
Published by: Kubernetes1Updated

Kubernetes v1 Authorization resources, primarily using Role-Based Access Control (RBAC), are components that regulate access to the Kubernetes API and cluster resources through the rbac.authorization.k8s.io API group. These resources include Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings, which work together to define and enforce fine-grained access policies for users, groups, and service accounts within a Kubernetes cluster

|

Authentication

Add API authentication details

HEADERS
X-APIKEY
string
Send X-APIKEY in Header

Readme

User instructions for this resource

The ClusterRoleBinding template is designed to grant cluster-wide permissions defined in a ClusterRole to a set of users, groups, or service accounts. It uses a combination of facets and variables to allow for different configurations.

Variables

The template uses variables for dynamic content:

  • __CRB_ID__ : This global variable represents the identifier for the ClusterRoleBinding, used to access specific fields in the request values.

Collection Breakdown

  1. Base
{
    "kind": "ClusterRoleBinding",
    "facets": ["master"],
    "roleRef": {
        "kind": "ClusterRole",
        "name": "{{ __CRB_ID__.roleRef.name }}",
        "apiGroup": "rbac.authorization.k8s.io"
    },
    "metadata": "{{ __CRB_ID__.metadata }}",
    "apiVersion": "rbac.authorization.k8s.io/v1"
}
  • This section is always included (due to the master facet).
  • It sets the kind, apiVersion, and roleRef.
  • The metadata is populated from the request values.
  • The roleRef specifies the ClusterRole being bound.
  1. Subjects
{
    "facets": ["addon:subjects"],
    "subjects": "{{ __CRB_ID__.subjects }}"
}
  • This section is optional and included when the addon:subjects facet is specified.
  • It populates the subjects field from the request values.

Design Decisions

  1. Cluster-wide Scope: ClusterRoleBindings are always cluster-scoped, granting permissions across all namespaces.

  2. Flexibility in Subject Assignment: The addon:subjects facet allows for optional inclusion of subjects, enabling the binding of a ClusterRole to multiple users, groups, or service accounts.

  3. Immutable roleRef: The roleRef is part of the base object, reflecting that it cannot be changed after creation without deleting and recreating the binding.

  4. Reusability: The use of variables allows for dynamic content population, making the template reusable for different ClusterRoleBinding configurations.

Examples

Check Request Body tab section to play around with interactive examples.

Install(Example)

The Curl tab in the request section below provides the curl command for your resource.

curl -X POST "https://configfacets.com/apis/repos/kubernetes/authorization-resources/v1/resources/collections/clusterrolebinding/exec?format=json" -d '{"facets":["addon:subjects"],"values":{"basic_crb":{"roleRef":{"name":"example-clusterrole"},"metadata":{"name":"example-clusterrolebinding"},"subjects":[{"kind":"User","name":"jane","apiGroup":"rbac.authorization.k8s.io"},{"kind":"Group","name":"system:authenticated","apiGroup":"rbac.authorization.k8s.io"}]}},"globalvars":{"__CRB_ID__":"basic_crb"}}' | kubectl apply -f -

Collection API

POST/apis/repos/kubernetes/authorization-resources/v1/resources/collections/clusterrolebinding/exec
REQUEST
QUERY-STRING PARAMETERS
format
string
No sources available.
API Server https://configfacets.com
API Key
Not set
RESPONSES
No content available.