This is a quick recap of RBAC. For more details, check the official docs or click the title links.
ServiceAccount (sa)
1. Yaml File
2. CMD
kubectl create serviceaccount NAME -n NAMESPACE
Role/ClusterRole
1. Yaml File
2. CMD
kubectl create [role|clusterrole] NAME --verb=verb --resource=resource.group/subresource [--resource-name=resourcename]
RoleBinding/ClusterRoleBinding
1. Yaml File
2. CMD
kubectl create rolebinding NAME --clusterrole=NAME|--role=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname]
kubectl create clusterrolebinding NAME --clusterrole=NAME [--user=username] [--group=groupname] [--serviceaccount=namespace:serviceaccountname]
Usage & Quick Verify
1. Usage
In the Pod YAML file, set spec.serviceAccountName.
2. Quick Verify
kubectl auth can-i VERB RESOURCE --as=[USER|SA] -n NAMESPACE
For more ways to verify, check the details.
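
The commands above chained into one least-privilege check, as an added example that is not part of the original recap. It creates a ServiceAccount with a read-only Role on pods, then uses kubectl auth can-i to confirm that the granted verb is allowed and that ungranted ones are denied. The names (namespace demo, pod-reader-sa, pod-reader, pod-reader-binding), the KUBECTL override variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. All names are constructed.
KUBECTL="${KUBECTL:-kubectl}"   # set KUBECTL=echo to print commands (dry run)

# A ServiceAccount is impersonated as system:serviceaccount:<namespace>:<name>.
# $1 = namespace, $2 = ServiceAccount name
sa_identity() {
  printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# Create the ServiceAccount, a read-only Role on pods, and the RoleBinding.
# $1 = namespace (must already exist), $2 = ServiceAccount name
setup_rbac() {
  "$KUBECTL" create serviceaccount "$2" -n "$1" &&
  "$KUBECTL" create role pod-reader --verb=get,list,watch --resource=pods -n "$1" &&
  "$KUBECTL" create rolebinding pod-reader-binding --role=pod-reader \
    --serviceaccount="$1:$2" -n "$1"
}

# Ask the API server whether the ServiceAccount may do VERB on RESOURCE.
# $1 = namespace, $2 = ServiceAccount, $3 = verb, $4 = resource
# kubectl prints "yes" or "no" (and exits non-zero on "no").
can_i() {
  "$KUBECTL" auth can-i "$3" "$4" --as="$(sa_identity "$1" "$2")" -n "$1"
}

# Check both directions: what was granted works, what was not granted is denied.
# A binding to an over-broad role fails the negative checks.
# $1 = namespace, $2 = ServiceAccount name
verify_least_privilege() {
  [ "$(can_i "$1" "$2" list pods)" = "yes" ] ||
    { echo "FAIL: list pods is denied"; return 1; }
  [ "$(can_i "$1" "$2" delete pods)" = "no" ] ||
    { echo "FAIL: delete pods is allowed"; return 1; }
  [ "$(can_i "$1" "$2" get secrets)" = "no" ] ||
    { echo "FAIL: get secrets is allowed"; return 1; }
  echo "OK"
}
```

Against a test cluster where the namespace exists, run setup_rbac demo pod-reader-sa followed by verify_least_privilege demo pod-reader-sa. The negative checks are the part that catches a RoleBinding pointed at a broader role than intended.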