Hi, a question regarding RBAC: I need to grant the permission _create clusterro . . .

Gerd König:
Hi,
a question regarding RBAC:
I need to grant the permission create clusterrole and clusterrolebinding to a group.
So far, I defined the following:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: my-cluster-role
rules:
- apiGroups: [""]
  resources: ["clusterroles", "clusterrolebindings"]
  verbs: ["get", "list", "edit", "create" ]

…and assigned that clusterrole to the proper group via clusterrolebinding.
But unfortunately it still doesn’t work.

What exactly do I have to grant, so that a dedicated group (or a user) is able to create clusterroles and clusterrolebindings?

Many thanks in advance.

Tanumoy Ghosh:
In resources you need to mention the k8s object to which you want to grant permission, such as pods, deployments, etc.

Gerd König:
Hi @Tanumoy Ghosh, thanks for your feedback, but in my YAML specification I already have the resources listed: “clusterroles”, “clusterrolebindings”. Please find the YAML spec in my initial post here.

unnivkn:
Nice ask… Maybe this might shed some light on your issue. Got it after some research.

unnivkn:
Please go through this doc: https://kubernetes.io/docs/reference/access-authn-authz/rbac/