RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
import "k8s.io/api/rbac/v1"
RoleBinding
RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: RoleBinding
-
metadata (ObjectMeta)
Standard object’s metadata. -
roleRef (RoleRef), required
RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef contains information that points to the role being used- roleRef.apiGroup (string), required
APIGroup is the group for the resource being referenced - roleRef.kind (string), required
Kind is the type of resource being referenced - roleRef.name (string), required
Name is the name of resource being referenced
- roleRef.apiGroup (string), required
-
subjects ([]Subject)
Subjects holds references to the objects the role applies to.
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.- subjects.kind (string), required
Kind of object being referenced. Values defined by this API group are “User”, “Group”, and “ServiceAccount”. If the Authorizer does not recognized the kind value, the Authorizer should report an error. - subjects.name (string), required
Name of the object being referenced. - subjects.apiGroup (string)
APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to “rbac.authorization.k8s.io” for User and Group subjects. - subjects.namespace (string)
Namespace of the referenced object. If the object kind is non-namespace, such as “User” or “Group”, and this value is not empty the Authorizer should report an error.
- subjects.kind (string), required
RoleBindingList
RoleBindingList is a collection of RoleBindings
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: RoleBindingList
-
metadata (ListMeta)
Standard object’s metadata. -
items ([]RoleBinding), required
Items is a list of RoleBindings
Operations
get
read the specified RoleBinding
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}
Parameters
- {name} (string), required
name of the RoleBinding - {namespace} (string), required
namespace - ?pretty (string)
pretty
Response
200 (RoleBinding): OK
401: Unauthorized
list
list or watch objects of kind RoleBinding
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings
Parameters
- {namespace} (string), required
namespace - ?allowWatchBookmarks (boolean)
allowWatchBookmarks - ?continue (string)
continue - ?fieldSelector (string)
fieldSelector - ?labelSelector (string)
labelSelector - ?limit (integer)
limit - ?pretty (string)
pretty - ?resourceVersion (string)
resourceVersion - ?resourceVersionMatch (string)
resourceVersionMatch - ?timeoutSeconds (integer)
timeoutSeconds - ?watch (boolean)
watch
Response
200 (RoleBindingList): OK
401: Unauthorized
list
list or watch objects of kind RoleBinding
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/rolebindings
Parameters
- ?allowWatchBookmarks (boolean)
allowWatchBookmarks - ?continue (string)
continue - ?fieldSelector (string)
fieldSelector - ?labelSelector (string)
labelSelector - ?limit (integer)
limit - ?pretty (string)
pretty - ?resourceVersion (string)
resourceVersion - ?resourceVersionMatch (string)
resourceVersionMatch - ?timeoutSeconds (integer)
timeoutSeconds - ?watch (boolean)
watch
Response
200 (RoleBindingList): OK
401: Unauthorized
create
create a RoleBinding
HTTP Request
POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings
Parameters
-
{namespace} (string), required
namespace -
body (RoleBinding), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?pretty (string)
pretty
Response
200 (RoleBinding): OK
201 (RoleBinding): Created
202 (RoleBinding): Accepted
401: Unauthorized
update
replace the specified RoleBinding
HTTP Request
PUT /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}
Parameters
-
{name} (string), required
name of the RoleBinding -
{namespace} (string), required
namespace -
body (RoleBinding), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?pretty (string)
pretty
Response
200 (RoleBinding): OK
201 (RoleBinding): Created
401: Unauthorized
patch
partially update the specified RoleBinding
HTTP Request
PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}
Parameters
-
{name} (string), required
name of the RoleBinding -
{namespace} (string), required
namespace -
body (Patch), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?force (boolean)
force -
?pretty (string)
pretty
Response
200 (RoleBinding): OK
401: Unauthorized
delete
delete a RoleBinding
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}
Parameters
-
{name} (string), required
name of the RoleBinding -
{namespace} (string), required
namespace -
body (DeleteOptions)
-
?dryRun (string)
dryRun -
?gracePeriodSeconds (integer)
gracePeriodSeconds -
?pretty (string)
pretty -
?propagationPolicy (string)
propagationPolicy
Response
200 (Status): OK
202 (Status): Accepted
401: Unauthorized
deletecollection
delete collection of RoleBinding
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings
Parameters
-
{namespace} (string), required
namespace -
body (DeleteOptions)
-
?continue (string)
continue -
?dryRun (string)
dryRun -
?fieldSelector (string)
fieldSelector -
?gracePeriodSeconds (integer)
gracePeriodSeconds -
?labelSelector (string)
labelSelector -
?limit (integer)
limit -
?pretty (string)
pretty -
?propagationPolicy (string)
propagationPolicy -
?resourceVersion (string)
resourceVersion -
?resourceVersionMatch (string)
resourceVersionMatch -
?timeoutSeconds (integer)
timeoutSeconds
Response
200 (Status): OK
401: Unauthorized