DevOps Glossary

Kubernetes ClusterRoleBinding

Kubernetes ClusterRoleBinding maps a ClusterRole to users, groups, or service accounts for cluster-wide RBAC access.

Kubernetes ClusterRoleBinding is a Role-Based Access Control, or RBAC, object that grants a ClusterRole to one or more users, groups, or service accounts across an entire Kubernetes cluster. It connects the permissions defined in a ClusterRole, such as listing nodes, reading pods in every namespace, or managing persistent volumes, to the subjects allowed to use those permissions. Unlike a RoleBinding, which applies permissions within a single namespace, a ClusterRoleBinding applies at cluster scope, so it should be used carefully and reviewed often. Common uses include giving a monitoring service account read access across namespaces, allowing cluster administrators to manage cluster-wide resources, or granting controllers the permissions they need to operate. A typical ClusterRoleBinding includes a roleRef that points to the ClusterRole and a subjects list that names the users, groups, or service accounts receiving access.
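Because these bindings apply cluster-wide, a periodic review can be scripted. The sketch below is an added example, not part of the original glossary entry: it reads each binding's roleRef and subjects and flags the ones that deserve a closer look. The sample data is constructed, and the binding names, subject names and finding labels are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
# All binding, subject and namespace names below are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "monitoring-read"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "metrics-agent", "namespace": "monitoring"}]},
  {"metadata": {"name": "ops-admins"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "ops-team", "apiGroup": "rbac.authorization.k8s.io"}]},
  {"metadata": {"name": "legacy-all-users"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "Group", "name": "system:authenticated", "apiGroup": "rbac.authorization.k8s.io"}]},
  {"metadata": {"name": "ci-deployer"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "ci"}]},
  {"metadata": {"name": "orphaned"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "view"}}
]}
""")

# Built-in groups that cover every caller or every service account in the cluster.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

def review(bindings):
    """Return (binding name, finding) pairs worth a closer look, in input order."""
    findings = []
    for item in bindings.get("items", []):
        name, role = item["metadata"]["name"], item["roleRef"]["name"]
        subjects = item.get("subjects") or []
        if not subjects:
            findings.append((name, "no-subjects"))
        for s in subjects:
            kind, subject = s["kind"], s["name"]
            if kind == "Group" and subject in BROAD_GROUPS:
                findings.append((name, "broad-group"))
            if kind == "User" and subject == "system:anonymous":
                findings.append((name, "anonymous-user"))
            if kind == "ServiceAccount" and subject == "default":
                findings.append((name, "default-serviceaccount"))
            if kind == "ServiceAccount" and role == "cluster-admin":
                findings.append((name, "cluster-admin-serviceaccount"))
    return findings

if __name__ == "__main__":
    for binding, finding in review(SAMPLE):
        print(f"{binding}: {finding}")
```

A finding marks a binding for human review rather than proving a misconfiguration; some controllers legitimately need broad permissions.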