In Kubernetes RBAC, ClusterRoleBinding is the mechanism for granting permissions to resources that are not namespace-scoped. The documentation integrated into VCF 9.0 explains: “ClusterRoleBinding binds a user, group, or service account to a ClusterRole, granting cluster-wide permissions to non-namespaced resources such as nodes, storage classes, or persistent volumes.”
A RoleBinding grants access to namespace-scoped resources. RoleReference is a field within a RoleBinding/ClusterRoleBinding object, not a standalone object. ClusterRoleAccess is not a valid Kubernetes construct.
Thus, to assign permissions at a cluster-wide level, the correct object is ClusterRoleBinding.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit