LabEx
Log InJoin Free

What are the subjects and roleRef in a ClusterRole Binding?

QuestionsQuestions8 SkillsProRole-Based Access Control on KubernetesNov, 30 2025
082

In a ClusterRole Binding, the subjects and roleRef fields serve specific purposes:

subjects

  • The subjects field defines the entities (users, groups, or service accounts) that the ClusterRole is being granted to.
  • Each subject is specified with a kind, name, and optionally an apiGroup.
  • Examples of kind include User, Group, or ServiceAccount.

Example:

subjects:
- kind: User
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

roleRef

  • The roleRef field specifies the ClusterRole that is being referenced by the ClusterRole Binding.
  • It includes the kind (which should be ClusterRole), the name of the ClusterRole, and the apiGroup that the role belongs to.

Example:

roleRef:
  kind: ClusterRole
  name: myapp-admin
  apiGroup: rbac.authorization.k8s.io

Together, these fields define who has what permissions at the cluster level.

0 Comments

no data
Be the first to share your comment!