.. _cluster_role:

Cluster Roles and Bindings
--------------------------

`Cluster Roles <https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole>`_
are roles that are defined across the entire cluster, regardless of namespace.  They otherwise
are setup and function the same.

Cluster Role Bindings associate cluster roles with users and/or service accounts.

Here is an example of a cluster role defined in a YAML file::

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: ecr-login-role
    rules:
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["create", "delete"]
    - apiGroups: [""]
      resources: ["serviceaccounts"]
      verbs: ["get", "patch"]

Here is example code for creating a cluster role::

    from k9.rbac import (
        read_yaml,
        create_cluster_role
    )

    body = read_yaml('ecr-login-role.yml')
    create_cluster_role(body)

.. autofunction:: k9.rbac.list_cluster_roles
.. autofunction:: k9.rbac.create_cluster_role
.. autofunction:: k9.rbac.delete_cluster_role
.. autofunction:: k9.rbac.get_cluster_role
.. autofunction:: k9.rbac.cluster_role_exists

.. autofunction:: k9.rbac.create_cluster_role_binding
.. autofunction:: k9.rbac.delete_cluster_role_binding
.. autofunction:: k9.rbac.get_cluster_role_binding
.. autofunction:: k9.rbac.cluster_role_binding_exists