How it works...

This recipe showed you how to create new users in Kubernetes and quickly create Roles and RoleBindings to grant permission to user accounts on Kubernetes.

Kubernetes clusters have two types of users:

  • User accounts: User accounts are normal users that are managed externally.
  • Service accounts: Service accounts are users that are associated with Kubernetes services and are managed by the Kubernetes API with its own resources.

You can read more about service accounts by looking at the Managing service accounts link in the See also section.

In the Creating Roles and RoleBindings recipe, in Step 1, we created a Role named deployer. Then, in Step 2, we granted the rules associated with the deployer Role to the user account john.geek.

RBAC uses the rbac.authorization.k8s.io API group to make authorization decisions. This allows admins to dynamically configure policies using the Kubernetes APIs. If you wanted to use the existing Roles and give someone cluster-wide superuser permission, you could use the cluster-admin ClusterRole with a ClusterRoleBinding instead. ClusterRoles don't have namespace limits, so a user bound this way can execute commands in any namespace with the granted permissions. Overall, you should be careful when assigning the cluster-admin ClusterRole to users. ClusterRoles can also be limited to namespaces, similar to Roles, if they are used with RoleBindings to grant permissions instead.
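The following audit sketch is an added example, not code from the book: it reads binding objects and reports the scope each subject actually gets, showing that the binding kind (not the role kind) decides whether cluster-admin applies cluster-wide or to one namespace. The sample is constructed and trimmed to the fields used; the namespace dev, the group ops-admins and the binding names are assumptions, while deployer and john.geek come from the recipe.

```python
import json

# Constructed sample, shaped like the List returned by
# `kubectl get rolebindings,clusterrolebindings -A -o json` (fields trimmed).
SAMPLE = json.loads("""
{"items": [
 {"kind": "RoleBinding",
  "metadata": {"name": "deployer-binding", "namespace": "dev"},
  "roleRef": {"kind": "Role", "name": "deployer"},
  "subjects": [{"kind": "User", "name": "john.geek"}]},
 {"kind": "RoleBinding",
  "metadata": {"name": "john-admin-dev", "namespace": "dev"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "john.geek"}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "ops-superusers"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "ops-admins"}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "orphaned"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")


def effective_grants(bindings):
    """Return (subject, role, scope) tuples; scope is a namespace or '*' for cluster-wide."""
    grants = []
    for b in bindings["items"]:
        # The binding kind, not the role kind, decides the scope of the grant.
        scope = "*" if b["kind"] == "ClusterRoleBinding" else b["metadata"]["namespace"]
        role = f'{b["roleRef"]["kind"]}/{b["roleRef"]["name"]}'
        # A binding may carry no subjects at all; treat that as an empty list.
        for s in b.get("subjects") or []:
            grants.append((f'{s["kind"]}/{s["name"]}', role, scope))
    return grants


def cluster_wide_superusers(bindings):
    """Subjects holding cluster-admin through a ClusterRoleBinding."""
    return sorted({subj for subj, role, scope in effective_grants(bindings)
                   if role == "ClusterRole/cluster-admin" and scope == "*"})


if __name__ == "__main__":
    for grant in effective_grants(SAMPLE):
        print(*grant, sep="\t")
    print("cluster-wide superusers:", cluster_wide_superusers(SAMPLE))
```

In the sample, john.geek holds cluster-admin only inside dev because it is granted through a RoleBinding, so only the ops-admins group is reported as a cluster-wide superuser.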
