Last generated December 4, 2024

RoleBindingTemplate

RoleBindingTemplate is the Schema for the rolebindingtemplates API

Full name: rolebindingtemplates.auth.giantswarm.io
Group: auth.giantswarm.io
Singular name: rolebindingtemplate
Plural name: rolebindingtemplates
Scope: Cluster
Versions: v1alpha1

Version v1alpha1

Example CR

apiVersion: auth.giantswarm.io/v1alpha1
kind: RoleBindingTemplate
metadata:
  name: rolebindingtemplate-sample
spec:
  template:
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: example-role
    subjects:
    - kind: ServiceAccount
      name: example-sa
    - kind: Group
      name: example-group
  scopes:
    organizationSelector:
      matchLabels:
        key: value
      matchExpressions:
      - key: key
        operator: In
        values:
        - value

Properties

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

object

.spec

object

RoleBindingTemplateSpec defines the desired state of RoleBindingTemplate

.spec.scopes

object Required

RoleBindingTemplateScopes describes the scopes the RoleBindingTemplate should be applied to

.spec.scopes.organizationSelector

object Required

ScopeSelector wraps a k8s label selector

.spec.scopes.organizationSelector.matchExpressions

array

.spec.scopes.organizationSelector.matchExpressions[*]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.spec.scopes.organizationSelector.matchExpressions[*].key

string Required

key is the label key that the selector applies to.

.spec.scopes.organizationSelector.matchExpressions[*].operator

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

.spec.scopes.organizationSelector.matchExpressions[*].values

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.scopes.organizationSelector.matchExpressions[*].values[*]

string

.spec.scopes.organizationSelector.matchLabels

object
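
The selector semantics described above, as an added Go example (not rbac-operator's own code). Under standard Kubernetes label-selector rules, all matchLabels and matchExpressions entries are ANDed, an empty selector matches every label set, and NotIn also matches objects that lack the key, which matters when the selector decides where RoleBindings are created. The Selector and Requirement types and the sample labels are constructed for illustration; which objects' labels the operator evaluates is not stated on this page.

```go
package main

import "fmt"

// Requirement mirrors one matchExpressions[*] entry.
type Requirement struct {
	Key, Operator string
	Values        []string
}

// Selector mirrors the two organizationSelector fields.
type Selector struct {
	MatchLabels      map[string]string
	MatchExpressions []Requirement
}

// Matches ANDs every matchLabels pair and expression; an empty selector matches all.
func (s Selector) Matches(labels map[string]string) (bool, error) {
	matched := true
	for k, v := range s.MatchLabels {
		if got, ok := labels[k]; !ok || got != v {
			matched = false
		}
	}
	for _, r := range s.MatchExpressions {
		got, present := labels[r.Key]
		in := false
		for _, v := range r.Values {
			in = in || (present && v == got)
		}
		switch op, n := r.Operator, len(r.Values); {
		case (op == "In" || op == "NotIn") && n > 0:
			matched = matched && in == (op == "In") // NotIn also matches an absent key
		case (op == "Exists" || op == "DoesNotExist") && n == 0:
			matched = matched && present == (op == "Exists")
		default: // unknown operator, or values that break the rule stated above
			return false, fmt.Errorf("invalid requirement on %q: %s with %d values", r.Key, op, n)
		}
	}
	return matched, nil
}

func main() {
	// Constructed selector and label sets, for illustration only.
	sel := Selector{MatchExpressions: []Requirement{{"team", "NotIn", []string{"finance"}}}}
	for _, labels := range []map[string]string{{"team": "finance"}, {"team": "dev"}, {}} {
		ok, err := sel.Matches(labels)
		fmt.Println(labels, ok, err)
	}
}
```

The last label set in `main` has no `team` key and still matches the NotIn requirement; pairing NotIn with an Exists requirement on the same key excludes unlabelled objects.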

.spec.template

object Required

RoleBindingTemplateResource describes the data needed to create a rolebinding from a template.

.spec.template.metadata

object

Standard object’s metadata.

.spec.template.roleRef

object Required

RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.

.spec.template.roleRef.apiGroup

string Required

APIGroup is the group for the resource being referenced

.spec.template.roleRef.kind

string Required

Kind is the type of resource being referenced

.spec.template.roleRef.name

string Required

Name is the name of resource being referenced

.spec.template.subjects

array

Subjects holds references to the objects the role applies to.

.spec.template.subjects[*]

object

Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.

.spec.template.subjects[*].apiGroup

string

APIGroup holds the API group of the referenced subject. Defaults to “” for ServiceAccount subjects. Defaults to “rbac.authorization.k8s.io” for User and Group subjects.

.spec.template.subjects[*].kind

string Required

Kind of object being referenced. Values defined by this API group are “User”, “Group”, and “ServiceAccount”. If the Authorizer does not recognize the kind value, the Authorizer should report an error.

.spec.template.subjects[*].name

string Required

Name of the object being referenced.

.spec.template.subjects[*].namespace

string

Namespace of the referenced object. If the object kind is non-namespace, such as “User” or “Group”, and this value is not empty the Authorizer should report an error.

.status

object

RoleBindingTemplateStatus defines the observed state of RoleBindingTemplate

.status.namespaces

array

Namespaces contains a list of namespaces the RoleBinding is currently applied to

.status.namespaces[*]

string

This documentation page shows information based on rbac-operator v0.41.1.

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.