Repositories
v1v

kubernetes/authorization-resources

v1
Published by: Kubernetes1Updated

Kubernetes v1 Authorization resources, primarily using Role-Based Access Control (RBAC), are components that regulate access to the Kubernetes API and cluster resources through the rbac.authorization.k8s.io API group. These resources include Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings, which work together to define and enforce fine-grained access policies for users, groups, and service accounts within a Kubernetes cluster

|

Authentication

Add API authentication details

HEADERS
X-APIKEY
string
Send X-APIKEY in Header

Readme

User instructions for this resource

The RoleBinding template is designed to bind a Role to a set of users, groups, or service accounts within a specific namespace in a Kubernetes cluster. It uses a combination of facets and variables to allow for different configurations.

Variables

The template uses variables for dynamic content:

  • __RB_ID__: This global variable represents the identifier for the RoleBinding, used to access specific fields in the request values.

Collection Background

  1. Base
{
    "kind": "RoleBinding",
    "facets": ["master"],
    "roleRef": {
        "kind": "Role",
        "name": "{{ __RB_ID__.roleRef.name }}",
        "apiGroup": "rbac.authorization.k8s.io"
    },
    "metadata": "{{ __RB_ID__.metadata }}",
    "apiVersion": "rbac.authorization.k8s.io/v1"
}
  • This section is always included (due to the master facet).
  • It sets the kind, apiVersion, and roleRef.
  • The metadata is populated from the request values, including the namespace.
  • The roleRef specifies the Role being bound.
  1. Subjects
{
    "facets": ["addon:subjects"],
    "subjects": "{{ __RB_ID__.subjects }}"
}
  • This section is optional and included when the addon:subjects facet is specified.
  • It populates the subjects field from the request values, defining the users, groups, or service accounts to which the Role is bound.

Design Decisions

  1. Namespace Scope: RoleBindings are namespace-scoped, allowing for fine-grained access control within specific namespaces.

  2. Flexibility in Subject Assignment: The addon:subjects facet allows for optional inclusion of subjects, enabling the binding of a Role to multiple users, groups, or service accounts within the namespace.

  3. Immutable roleRef: The roleRef is part of the base object, reflecting that it cannot be changed after creation without deleting and recreating the binding.

  4. Reusability: The use of variables allows for dynamic content population, making the template reusable for different RoleBinding configurations across namespaces.

Examples

Check Request Body tab section to play around with interactive examples.

Install(Example)

The Curl tab in the request section below provides the curl command for your resource.

curl -X POST "https://configfacets.com/apis/repos/kubernetes/authorization-resources/v1/resources/collections/rolebinding/exec?format=json" -d '{"facets":["addon:subjects"],"values":{"basic_rb":{"roleRef":{"name":"example-role"},"metadata":{"name":"example-rolebinding","namespace":"default"},"subjects":[{"kind":"User","name":"alice","apiGroup":"rbac.authorization.k8s.io"},{"kind":"ServiceAccount","name":"frontend","namespace":"default"}]}},"globalvars":{"__RB_ID__":"basic_rb"}}' | kubectl apply -f -

Collection API

POST/apis/repos/kubernetes/authorization-resources/v1/resources/collections/rolebinding/exec
REQUEST
QUERY-STRING PARAMETERS
format
string
No sources available.
API Server https://configfacets.com
API Key
Not set
RESPONSES
No content available.