
Kubernetes: Difference between RoleBinding and ClusterRoleBinding

What is the difference between RoleBinding and ClusterRoleBinding? And what are the usages of them?

The Cluster variants apply to every namespace. The others only to the namespace they are in.

Please refer to the Kubernetes documentation here

A Role always sets permissions within a particular namespace; when you create a Role, you have to specify the namespace it belongs in.

ClusterRole, by contrast, is a non-namespaced resource. The resources have different names (Role and ClusterRole) because a Kubernetes object always has to be either namespaced or not namespaced; it can't be both.

A RoleBinding is namespace scoped and a ClusterRoleBinding is cluster scoped, i.e. across all namespaces.

ClusterRoles and ClusterRoleBindings are useful in the following cases:

  1. Give permissions for non-namespaced resources like nodes

  2. Give permissions for resources in all the namespaces of a cluster

  3. Give permissions for non-resource endpoints like /healthz

A RoleBinding can also reference a ClusterRole to grant the permissions defined in that ClusterRole to resources inside the RoleBinding's namespace. This kind of reference lets you define a set of common roles across your cluster, then reuse them within multiple namespaces.
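
The scoping difference described in the answers above, shown as manifests: one ClusterRole bound once through a RoleBinding and once through a ClusterRoleBinding. This is an added example, not part of the original posts; the names `pod-reader`, `ci-bot`, `cluster-monitor` and the namespaces `team-a` and `monitoring` are hypothetical.

```yaml
# Reusable definition: read-only access to pods.
# A ClusterRole has no metadata.namespace because it is not namespaced.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-reader              # hypothetical name
rules:
  - apiGroups: [""]             # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding -> ClusterRole: the rules apply only inside the
# binding's own namespace (team-a), even though the role is cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: team-a             # hypothetical namespace
subjects:
  - kind: ServiceAccount
    name: ci-bot                # hypothetical service account
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-reader
---
# ClusterRoleBinding -> same ClusterRole: the rules apply to pods
# in every namespace of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-pods-everywhere    # no namespace: cluster scoped
subjects:
  - kind: ServiceAccount
    name: cluster-monitor       # hypothetical service account
    namespace: monitoring
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pod-reader
```

With these applied, `kubectl auth can-i list pods --as=system:serviceaccount:team-a:ci-bot -n team-a` answers yes, while the same check with any other namespace answers no; the `cluster-monitor` account gets yes in every namespace.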
