
Cluster Roles

Cluster Roles define permissions that apply across the entire cluster. They can grant access to cluster-scoped resources or resources in all namespaces.


Overview

The Cluster Roles view displays all cluster roles with the following information:

| Column | Description |
| --- | --- |
| Name | The cluster role identifier |
| Rules | Number of permission rules in the cluster role |
| Permissions | Resources and actions the cluster role grants access to |
| Age | When the cluster role was created |
| Actions | Edit or delete the cluster role |

Features

Use the search bar to quickly find cluster roles by name.

Create Cluster Role

Click + Create Cluster Role to define a new cluster role with custom permissions.

When to Use Cluster Roles

Use Cluster Roles when you need to:

  1. Grant access to cluster-scoped resources - Resources like nodes, persistent volumes, or namespaces that exist outside any namespace
  2. Grant access across all namespaces - When users need the same permissions in every namespace
  3. Define reusable permission sets - Cluster Roles can be referenced by Role Bindings in any namespace

Built-in Cluster Roles

Kubernetes includes several default cluster roles:

| Role | Description |
| --- | --- |
| cluster-admin | Full access to all resources in the cluster |
| admin | Full access within a namespace (when bound with RoleBinding) |
| edit | Read/write access to most resources in a namespace |
| view | Read-only access to most resources in a namespace |

Example Cluster Role

A cluster role that allows reading nodes and persistent volumes:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes", "persistentvolumes"]
  verbs: ["get", "list", "watch"]

Best Practices

  1. Use built-in roles when possible - Kubernetes provides well-designed default roles
  2. Be cautious with cluster-admin - This role has unrestricted access
  3. Document custom cluster roles - Explain why each permission is needed
  4. Regular audits - Review cluster roles periodically to ensure they’re still necessary
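
One way to script the audit described in practices 2 and 4, as an added example that is not part of the original page: it flags wildcard rules, cluster roles that no binding references, and subjects bound to cluster-admin. The sample objects and their names (other than node-reader and cluster-admin) are constructed, and the input is assumed to be the `items` array from `kubectl get clusterroles,clusterrolebindings,rolebindings -A -o json`.

```python
import json

# Constructed sample, shaped like the "items" array from
# `kubectl get clusterroles,clusterrolebindings,rolebindings -A -o json`.
SAMPLE = json.loads("""
[
 {"kind": "ClusterRole", "metadata": {"name": "node-reader"},
  "rules": [{"apiGroups": [""], "resources": ["nodes", "persistentvolumes"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "legacy-ops"}, "rules": null},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "ci", "name": "runner"}]},
 {"kind": "RoleBinding", "metadata": {"name": "read-nodes", "namespace": "dev"},
  "roleRef": {"kind": "ClusterRole", "name": "node-reader"},
  "subjects": [{"kind": "User", "name": "alice"}]}
]
""")

def audit(items):
    """Return sorted (finding, object, detail) tuples for review."""
    findings = set()
    roles = {o["metadata"]["name"]: o for o in items if o["kind"] == "ClusterRole"}
    bindings = [o for o in items if o["kind"] in ("ClusterRoleBinding", "RoleBinding")]
    referenced = {b["roleRef"]["name"] for b in bindings
                  if b["roleRef"]["kind"] == "ClusterRole"}
    for name, role in roles.items():
        for rule in role.get("rules") or []:  # rules may be null
            for field in ("apiGroups", "resources", "verbs"):
                if "*" in rule.get(field, []):
                    findings.add(("wildcard", name, field))
        if name not in referenced:  # needs RoleBindings from all namespaces
            findings.add(("unbound", name, "no binding references this role"))
    for b in bindings:
        if b["kind"] == "ClusterRoleBinding" and b["roleRef"]["name"] == "cluster-admin":
            for s in b.get("subjects") or []:
                findings.add(("cluster-admin", b["metadata"]["name"],
                              f'{s["kind"]}/{s["name"]}'))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

On a live cluster the built-in `system:` roles and cluster-admin itself will also appear in the output, so keep a reviewed allowlist and alert only on changes to it.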