[英]Kubernetes: Diffrerence between RoleBinding and ClusterRoleBinding
What is the difference between RoleBinding and ClusterRoleBinding? RoleBinding 和 ClusterRoleBinding 有什么区别? And what are the usages of them?
它们的用途是什么?
The Cluster variants apply to every namespace. Cluster 变体适用于每个命名空间。 The others only to the namespace they are in.
其他人只到他们所在的命名空间。
Please refer the Kubernetes documentation here请参阅此处的 Kubernetes 文档
A Role always sets permissions within a particular namespace;
角色总是在特定的命名空间内设置权限; when you create a Role, you have to specify the namespace it belongs in.
创建角色时,必须指定它所属的命名空间。
ClusterRole, by contrast, is a non-namespaced resource.
相反,ClusterRole 是一个非命名空间资源。 The resources have different names (Role and ClusterRole) because a Kubernetes object always has to be either namespaced or not namespaced;
资源具有不同的名称(Role 和 ClusterRole),因为 Kubernetes object 始终必须是命名空间或不命名空间; it can't be both.
不可能两者兼而有之。
A rolebinding is namespace scoped and clusterrolebinding is cluster scoped ie across all namespace.角色绑定是命名空间范围的,而集群角色绑定是集群范围的,即跨所有命名空间。
ClusterRoles and ClusterRoleBindings are useful in the following cases: ClusterRoles 和 ClusterRoleBindings 在以下情况下很有用:
Give permissions for non-namespaced resources like nodes授予节点等非命名空间资源的权限
Give permissions for resources in all the namespaces of a cluster授予集群所有命名空间中资源的权限
Give permissions for non-resource endpoints like /healthz为 /healthz 等非资源端点授予权限
A RoleBinding can also reference a ClusterRole to grant the permissions defined in that ClusterRole to resources inside the RoleBinding's namespace. RoleBinding 还可以引用 ClusterRole 以将在该 ClusterRole 中定义的权限授予 RoleBinding 命名空间内的资源。 This kind of reference lets you define a set of common roles across your cluster, then reuse them within multiple namespaces.
这种引用允许您在集群中定义一组通用角色,然后在多个命名空间中重用它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.