K
Q

What is the kubectl command for removing a subject from a rolebinding or cluserrolebinding

5/13/2020

I want to use kubectl to add/delete subjects from a k8s rolebinding or cluserrolebinding

Following kubectl command adds a subject to a rolebinding or cluserrolebinding

kubectl set subject clusterrolebinding <name> --user=<user>

But I couldn't figure out how I can delete a subject using kubectl

-- Amit Joglekar
kubectl
kubernetes
rbac

Similar Questions

Kubectl wait command for init containers
RouteController "failed to create a route" between regions
How to configure side-car of StatefulSet to use persistent-volume of main container?
Deploy Kafka on AKS and able to test it

1 Answer

5/14/2020

kubectl set subject doesn't support removing subjects from created ClusterRoleBindings or RoleBindings.

If you create a RoleBinding or ClusterRoleBinding from a file you can remove extra subjects by using

kubectl auth reconcile -f <config.yaml> --remove-extra-subjects

The kubectl auth reconcile command-line utility creates or updates a manifest file containing RBAC objects, and handles deleting and recreating binding objects if required to change the role they refer to.

This is preferred to 'apply' for RBAC resources so that semantically-aware merging of rules and subjects is done.

-- KFC_
Source: StackOverflow