Kubernetes: Securing the Cluster Using RBAC

Updated: Jun 4







In this article, we are going to discuss how authorization takes place in a Kubernetes cluster. RBAC stands for "Role-Based Access Control".





Example


We are going to create a role and attach it to a service account in a new namespace called test-qa.


kubectl create ns test-qa
kubectl create serviceaccount qa-test-account -n test-qa
kubectl create role qa-tester-view --verb=get --verb=list --resource=pods -n test-qa
kubectl describe role.rbac.authorization.k8s.io/qa-tester-view -n test-qa
kubectl create rolebinding qa-viewer --role=qa-tester-view --serviceaccount=test-qa:qa-test-account -n test-qa


We will observe that, in the test-qa namespace, the qa-test-account service account is only able to list and view pods and is not able to create any new object. This is how RBAC works.
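To confirm the behaviour described above, this added example (not part of the original article) asks the API server what the service account may do, using `kubectl auth can-i` with impersonation. The function names `can_i` and `verify_qa_rbac` and the list of expected answers are this example's own, and it assumes your user is allowed to impersonate service accounts.

```bash
# Added example: verify the effective permissions of the service account.
NS=test-qa
# Impersonation name of a service account: system:serviceaccount:<namespace>:<name>
SA="system:serviceaccount:${NS}:qa-test-account"

# can_i VERB RESOURCE NAMESPACE -> prints "yes" or "no"
can_i() {
  local answer
  # kubectl auth can-i exits non-zero on "no"; errors are also reported as "no"
  answer=$(kubectl auth can-i "$1" "$2" --as="$SA" -n "$3" 2>/dev/null) || true
  if [ "$answer" = "yes" ]; then echo yes; else echo no; fi
}

# verify_qa_rbac -> one line per check; return status is the number of mismatches
verify_qa_rbac() {
  local failures=0
  local expected verb resource ns actual
  # Expected answers (constructed for this example) for the role created above:
  # get/list on pods in test-qa only, nothing else and no other namespace.
  while read -r expected verb resource ns; do
    actual=$(can_i "$verb" "$resource" "$ns")
    if [ "$actual" = "$expected" ]; then
      echo "ok    $verb $resource in $ns: $actual"
    else
      echo "FAIL  $verb $resource in $ns: got $actual, expected $expected"
      failures=$((failures + 1))
    fi
  done <<EOF
yes get pods $NS
yes list pods $NS
no create pods $NS
no delete pods $NS
no get secrets $NS
no list pods default
EOF
  return "$failures"
}

# Run the checks only when a kubectl binary is available.
if command -v kubectl >/dev/null 2>&1; then
  verify_qa_rbac || echo "mismatches: $?"
fi
```

A FAIL on the two "yes" lines usually means the role binding does not reference the service account correctly; a FAIL on a "no" line means some other role or cluster role also grants that permission.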

In the next article, we will study one more important Kubernetes security feature, called pod security policy.







