The concepts of users, groups, and roles in Kubernetes:
Role-Based Access Control (RBAC):
RBAC is a method of regulating access to computer or network resources based on the roles of individual users within your organization.
It allows you to dynamically configure policies through the Kubernetes API.
To enable RBAC, start the API server with the --authorization-mode flag set to include RBAC. RBAC uses the rbac.authorization.k8s.io API group for authorization decisions.
API Objects for RBAC:
The RBAC API defines four kinds of Kubernetes objects:
Role: Contains rules representing a set of permissions within a specific namespace.
ClusterRole: Non-namespaced resource that defines permissions across all namespaces.
RoleBinding: Grants permissions within a specific namespace.
ClusterRoleBinding: Grants access cluster-wide.
Role and ClusterRole:
A Role sets permissions within a particular namespace.
A ClusterRole is non-namespaced and can define permissions on namespaced or cluster-scoped resources.
Use a Role for namespace-specific roles and a ClusterRole for cluster-wide roles.
Example Role and ClusterRole:
Role Example (for read access to pods in the “default” namespace):
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
ClusterRole Example (for read access to secrets across namespaces):
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]
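A Role or ClusterRole grants nothing on its own; it has to be bound to a subject. The manifests below are an added example (not from the original post) that complete the picture with the two binding kinds. They assume the pod-reader Role and secret-reader ClusterRole above, and use made-up subjects (user jane, groups dev-team and platform-admins) and a made-up "development" namespace.

```yaml
# Added example, not from the original post. Assumes the Role "pod-reader" and the
# ClusterRole "secret-reader" defined above; the subjects and the "development"
# namespace are placeholders.
---
# RoleBinding: grants the Role "pod-reader" to user "jane", only in "default".
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
# RoleBinding that references a ClusterRole: the rules in "secret-reader" apply
# only to secrets in the binding's own namespace ("development"), not cluster-wide.
# This is how a shared role definition is reused without cluster-wide reach.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-secrets
  namespace: development
subjects:
- kind: Group
  name: dev-team
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io
---
# ClusterRoleBinding: grants "secret-reader" in every namespace, including
# kube-system. Use this form only when cluster-wide access is actually required.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-secrets-global
subjects:
- kind: Group
  name: platform-admins
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io
```

The scoping rule to remember: a RoleBinding may reference either a Role or a ClusterRole, but what it grants is always confined to the binding's namespace; a ClusterRoleBinding can only reference a ClusterRole and grants it everywhere. After applying the manifests you can confirm the boundaries with kubectl auth can-i, for example "kubectl auth can-i list pods --as jane -n default" should answer yes while "kubectl auth can-i list pods --as jane -n kube-system" should answer no.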
Great, if you have made it this far you have covered users, groups, and roles in Kubernetes.
If you liked what you read, do follow and any feedback for further improvement will be highly appreciated!
Thank you and Happy Learning!👏