Kubernetes: Securing the Cluster Using RBAC







In this article we discuss how authorization takes place in a Kubernetes cluster. RBAC stands for "Role-Based Access Control".





Example


We are going to create a role and attach it to a service account in a new namespace called test-qa.


kubectl create ns test-qa
kubectl create serviceaccount qa-test-account -n test-qa
kubectl create role qa-tester-view --verb=get --verb=list --resource=pods -n test-qa
kubectl describe role.rbac.authorization.k8s.io/qa-tester-view -n test-qa
kubectl create rolebinding qa-viewer --role=qa-tester-view --serviceaccount=test-qa:qa-test-account -n test-qa   # --serviceaccount takes <namespace>:<name>


In the test-qa namespace, the qa-test-account service account can only list and view pods; it cannot create any new object. This is how RBAC works.
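A way to check that result instead of taking it on trust, as an added example that is not part of the original article: it impersonates the service account with `kubectl auth can-i` and asserts both the granted and the denied verbs. It assumes the objects above exist in the current kubectl context and that your own user may impersonate service accounts; the function names and the extra denied checks (secrets, deployments) are choices made for this example.

```shell
#!/bin/sh
# Added example: assert the effective permissions of the service account.
NS=test-qa
SA=qa-test-account

# RBAC identifies a service account as system:serviceaccount:<namespace>:<name>.
sa_user() {
    printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# expect <yes|no> <verb> <resource>: returns 0 when the API server's answer
# matches the expectation. `kubectl auth can-i` exits non-zero on "no",
# so the exit status is ignored and only the printed answer is compared.
expect() {
    want=$1 verb=$2 resource=$3
    got=$(kubectl auth can-i "$verb" "$resource" -n "$NS" \
          --as="$(sa_user "$NS" "$SA")" 2>/dev/null) || true
    if [ "$got" = "$want" ]; then
        echo "ok    $verb $resource -> $got"
    else
        echo "FAIL  $verb $resource -> ${got:-error} (expected $want)"
        return 1
    fi
}

# Checks the granted verbs and that nothing broader leaked through.
verify_qa_account() {
    rc=0
    expect yes get pods         || rc=1
    expect yes list pods        || rc=1
    expect no  create pods      || rc=1
    expect no  delete pods      || rc=1
    expect no  get secrets      || rc=1
    expect no  list deployments || rc=1
    return $rc
}

# Run against the current kubectl context only when asked to.
if [ "${1:-}" = "--run" ]; then
    verify_qa_account
fi
```

A FAIL on the two `yes` lines usually means the RoleBinding subject does not match the service account's namespace and name.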

In the next article we will look at one more important feature of Kubernetes security, the pod security policy.









©2020 by Linux Advise