Docs
Blog
Kubevious.io places cookies on your computer or device to make the site work better and to help us understand how you use our site. Further use of this site (by clicking, navigating or scrolling) will be considered consent. Please visit our privacy policy for more information.
Guard
Features
Application Centric UI
Health Monitoring
Cloud Native Tools
Search Engine
Time Machine
Rules Engine
Slack Bot
Built-in Validators
Container
Compute
Configuration
Networking
Storage
RBAC
ServiceAccount not specified in container
Unresolved Role reference in RoleBinding
Unresolved Secret reference in ServiceAccount
Unresolved ServiceAccount reference in Binding
Unresolved ServiceAccount reference in container
Unused Role
Unused RoleBinding
Unused ServiceAccount
Security
Traefik Proxy
Docs
Built-in Validators
RBAC

Unresolved Role reference in RoleBinding

RoleBinding grants Role permissions to Users or ServiceAccounts. This validator detects when a Role used in RoleBinding is not found.

Affected Resources: RoleBinding, ClusterRoleBinding

Examples

apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-pods subjects: - kind: ServiceAccount name: backend roleRef: kind: Role name: pod-reader # Role not found apiGroup: rbac.authorization.k8s.io
apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: podreader # Name different rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"]

Resolution

  • Check if the ClusterRole is present.
  • Check if the Role is present in the same namespace.
  • Check if the Role is present in a different namespace. Kubevious Search can be a very handy tool to find Roles across namespaces. You cannot mount a Role from a different namespaces. In that case you would need to create a Role in namespace where the RoleBinding resides.
  • Did you make a typo in the RoleBinding? Kubevious Search uses fuzzy logic to return results and can help with finding the correct Role.
    • Prev
    ServiceAccount not specified in container
    Next
    Unresolved Secret reference in ServiceAccount

    Need other validation rules?

    Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

    Share this article on:
    message
    PRODUCTGet StartedDemoOpen-Source
    COMPANYContactPrivacy PolicyTerms and Conditions
    KNOWLEDGE BASEDocumentationKubernetes Best PracticesBlog