DevOps Glossary

Kubernetes Role is a namespaced Kubernetes Role-Based Access Control, or RBAC, object that defines which actions are allowed on resources inside one specific namespace. A Role can permit a user, group, or service account to read Pods, update ConfigMaps, list Secrets, or manage Jobs, but it has no effect until a RoleBinding connects it to that subject. Roles are useful for limiting access by team, application, or environment, such as allowing a CI service account to update Deployments only in the staging namespace. A Role differs from a ClusterRole because it applies within a namespace, while a ClusterRole can define permissions across the whole cluster or for cluster-scoped resources.