I want to add role from namespace kube-system in my MyRoleBinding.yaml file like that:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: myrolebinding
namespace: default
subjects:
- kind: ServiceAccount
name: myservice
namespace: default
apiGroup: ""
roleRef:
kind: Role
name: system:controller:token-cleaner
namespace: kube-system
apiGroup: ""
But when I run kubectl apply -f MyRoleBinding.yaml I get:
error: error validating "MyRoleBinding.yaml": error validating data: ValidationError(RoleBinding.roleRef): unknown field "namespace" in io.k8s.api.rbac.v1.RoleRef; if you choose to ignore these errors, turn validation off with --validate=false
I am running in the default namespace, is it because of this ?
I tried to run:
kubectl apply -f MyRoleBinding.yaml --namespace=kube-system but I am getting the same error.
I also tried to add an existing role in the defaul namespace by using:
roleRef:
kind: Role
name: read-pods
namespace: default
apiGroup: ""
and I got the same error.
The roleRef field doesn't support namespace. You can use roleRef either with ClusterRoles which are not namespaced or with Roles which always has to be in the same namespace as the RoleBinding. See also the reference.