What is the difference between a Role and a ClusterRole?
When should I create one or the other?
I can't quite figure out what the difference between them is.
From the documentation:
A Role can only be used to grant access to resources within a single namespace.
Example: List all pods in a namespace
A ClusterRole can be used to grant the same permissions as a Role, but because they are cluster-scoped, they can also be used to grant access to:
- cluster-scoped resources (like nodes)
- non-resource endpoints (like “/healthz”)
- namespaced resources (like pods) across all namespaces (needed to run kubectl get pods --all-namespaces, for example)
Examples: List all pods in all namespaces. Get a list of all nodes and their public IP.
Cluster roles also allow for the reuse of common permission sets across namespaces (via role bindings). The bootstrap admin, edit and view cluster roles are the canonical examples.
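
The scoping difference described in the answer above, written out as manifests. This is an added example, not part of the original answer; the namespace `dev`, the subjects `jane` and `ci-reader`, and the object names `pod-reader`, `inventory-reader`, `inventory-reader-global` and `view-in-dev` are constructed for illustration, while `view` is the built-in cluster role the answer mentions.

```yaml
# Role: namespaced. Grants access to pods only inside namespace "dev".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {namespace: dev, name: pod-reader}   # constructed names
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
---
# ClusterRole: cluster-scoped, so it has no namespace. It can name things a Role cannot.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: inventory-reader}             # constructed name
rules:
- apiGroups: [""]
  resources: ["nodes", "pods"]   # nodes are cluster-scoped; pods here can mean every namespace
  verbs: ["get", "list"]
- nonResourceURLs: ["/healthz"]  # non-resource endpoint
  verbs: ["get"]
---
# ClusterRoleBinding: grants the ClusterRole cluster-wide
# (all nodes, pods in all namespaces, /healthz).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: inventory-reader-global}      # constructed name
subjects:
- kind: User
  name: jane                                   # constructed subject
  apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: inventory-reader
---
# RoleBinding that references a ClusterRole: the reuse case. The built-in "view"
# permission set is granted, but only inside namespace "dev".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {namespace: dev, name: view-in-dev}  # constructed names
subjects:
- kind: ServiceAccount
  name: ci-reader                              # constructed subject
  namespace: dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
```

The binding, not the role kind, decides how far a ClusterRole reaches: bound through a RoleBinding, only its rules for namespaced resources apply, and only in that binding's namespace, so rules for nodes or non-resource URLs have no effect there.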