DevOps Glossary

Kubernetes ClusterRole is a cluster-wide Role-Based Access Control, or RBAC, object in Kubernetes that defines which actions are allowed on resources. It can grant permissions for cluster-scoped resources such as Nodes, PersistentVolumes, and CustomResourceDefinitions, and it can also define reusable permissions for namespaced resources such as Pods, Deployments, and Services. A ClusterRole contains policy rules, such as allowed verbs like get, list, create, or delete, plus the API groups and resources those verbs apply to. It does not grant access by itself; a RoleBinding or ClusterRoleBinding attaches it to users, groups, or service accounts. Platform teams commonly use ClusterRoles to give controllers, CI/CD systems, monitoring agents, or operators the exact permissions they need across a cluster while keeping access controlled and auditable.