RBAC Question: I see in the documentation that RoleBindings can be applied to g . . .

Kubernetes-Slack Discussions
#1

Daniel Henson:
RBAC Question:

I see in the documentation that RoleBindings can be applied to groups. Are “groups” in this case the groups inherited from the underlying server/OS, or am I missing a way to create a “user group” in k8s?

What I’m trying to do:

Create a role, “devs,” in k8s. Assign N users to the group “project-developers.” Create a RoleBinding that associates all members of the group “project-developers” with the permissions granted in the k8s role “devs.”

#2

Sergei Diachenko:
No, groups in kubernetes don’t relate to underlying server/OS groups. In the case of authenticating via certificate, information of belonging user to groups is in the certificate itself in O field.
You can create CSR with groups as in the example:
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#x509-client-certs