I'm trying to use RBAC policies in my GKE clusters, so i need to enforce view role to a group and admin role to another group. I have 2 groups created [email protected] and [email protected] for the RBAC policies, will i be able to reference them directly in my ClusterRoleBinding yaml file like:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: view-role
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: "[email protected]"
Or should I enable "Google Groups for RBAC" and create a group "gke-security-groups@YOUR_DOMAIN" (https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#rolebinding) and add the above groups to it and then create RBAC rule in the GKE cluster ?
I created the above ClusterRoleBinding nothing sort off changed(without enabling the "Google Groups for RBAC"), please let me know how to apply RBAC accesses to a group in GKE cluster ?
