Manage Role Bindings on StreamNative Cloud

Note

This documentation covers RBAC Version 2. For information about the previous version (RBAC Version 1), see RBAC (V1).

Role Bindings

Role bindings are used to bind roles to principals. They are defined as RoleBinding resources in the Cloud API. The schema is as follows:

apiVersion: cloud.streamnative.io/v1alpha1
kind: RoleBinding
metadata:
  name: <name>
  namespace: <namespace>
spec:
  roleRef:
    apiGroup: cloud.streamnative.io
    kind: <role type> # Role type: ClusterRole (predefined), Role (customized)
    name: <roleName>
  subjects:
    - apiGroup: cloud.streamnative.io
      kind: <subject type> # User, ServiceAccount, IdentityPool
      name: <subject name>

  • roleRef: Reference to the role to be bound. It can be a Predefined Role (ClusterRole) or a Custom Role (Role).
  • subjects: List of subjects (also known as principals) to be bound to the role. It can be a User, a ServiceAccount, or an IdentityPool.

Manage Role Bindings

Currently, you can manage role bindings by using snctl or StreamNative Terraform Provider. Support for the Cloud Console will be available soon.

Create Role Bindings

You can create a role binding by using the following methods:

With snctl, run the following command to bind a predefined role <predefined-role-name> to a service account <service-account-name>:

snctl create rolebinding <role-binding-name> \
  --clusterrole <predefined-role-name> \
  --serviceaccount <service-account-name>

Alternatively, you can prepare the manifest file rolebinding.yaml to bind a predefined role to a service account.

apiVersion: cloud.streamnative.io/v1alpha1
kind: RoleBinding
metadata:
  name: <name>
  namespace: <namespace>
spec:
  roleRef:
    apiGroup: cloud.streamnative.io
    kind: ClusterRole
    name: <predefined-role-name>
  subjects:
    - apiGroup: cloud.streamnative.io
      kind: ServiceAccount
      name: <service-account-name>

Then apply it using snctl apply.

snctl apply -f rolebinding.yaml

After creating the role binding, you can verify it by running the following command:

snctl get rolebinding <name>

The role binding should be in the Ready state.
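
A manifest can be checked against the schema above before it is applied. The following is an added example, not StreamNative's code: a POSIX shell function (hypothetical name lint_rolebinding) that rejects a rolebinding.yaml with an unknown roleRef or subject kind, an unexpected apiGroup, or a placeholder left unfilled. It assumes the block-style layout shown on this page, and the sample manifest is constructed.

```shell
# Added example: lint a RoleBinding manifest before `snctl apply`.
lint_rolebinding() {
  awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; errs++ }
    { sub(/[ \t]*(#.*)?$/, "") }                 # drop comments, trailing blanks
    /^[ \t]*$/ { next }
    { line = $0; sub(/^[ \t]*(- )?/, "", line)   # strip indent and list dash
      split(line, kv, /:[ \t]*/); key = kv[1]; val = kv[2]
      if (val ~ /^<.*>$/) bad("placeholder not filled in for " key) }
    /^[^ \t]/ { section = ""                     # a top-level key ends any section
      if (key == "kind" && val != "RoleBinding") bad("kind must be RoleBinding")
      if (key == "apiVersion" && val != "cloud.streamnative.io/v1alpha1") bad("unexpected apiVersion " val)
      next }
    key == "roleRef"  { section = "roleRef";  next }
    key == "subjects" { section = "subjects"; next }
    section != "" && key == "apiGroup" && val != "cloud.streamnative.io" { bad("unexpected apiGroup " val) }
    section == "roleRef" && key == "kind" { roles++
      if (val != "ClusterRole" && val != "Role") bad("roleRef.kind " val " is not ClusterRole or Role") }
    section == "subjects" && key == "kind" { subjects++
      if (val !~ /^(User|ServiceAccount|IdentityPool)$/) bad("subject kind " val " is not User, ServiceAccount or IdentityPool") }
    END { if (roles != 1) { print FILENAME ": expected exactly one roleRef.kind"; errs++ }
          if (!subjects)  { print FILENAME ": no subjects listed"; errs++ }
          exit (errs > 0) }
  ' "$1"
}

# Constructed sample: the subject kind is mistyped ("Serviceaccount").
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
apiVersion: cloud.streamnative.io/v1alpha1
kind: RoleBinding
metadata:
  name: demo-binding
  namespace: demo-ns
spec:
  roleRef:
    apiGroup: cloud.streamnative.io
    kind: ClusterRole
    name: demo-role
  subjects:
    - apiGroup: cloud.streamnative.io
      kind: Serviceaccount
      name: demo-sa
EOF
lint_rolebinding "$tmp" || echo "manifest rejected; not applying"
rm -f "$tmp"
```

The function returns non-zero when it finds a problem, so it can gate snctl apply -f rolebinding.yaml in a script or CI job.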

Update Role Bindings

You can update a role binding by using the following methods:

You can use snctl edit to update a role binding directly.

snctl edit rolebinding <name>

Alternatively, you can update the manifest file rolebinding.yaml and apply it using snctl apply.

snctl apply -f rolebinding.yaml

Delete Role Bindings

You can delete a role binding by using the following methods:

Delete a role binding:

snctl delete rolebinding <name>