Understanding Key Concepts
RBAC in Kubernetes primarily involves four types of Kubernetes objects: Roles, RoleBindings, ClusterRoles, and ClusterRoleBindings. We also need to understand the concepts of Subjects, Verbs, and Resources as they form the basis of defining access control rules.
Subjects, Verbs, and Resources
A Subject is the entity that performs an action. This can be a user, group, or service account. Verbs represent the actions a subject can take, such as ‘get’, ‘create’, and ‘delete’. Resources represent the objects on which the actions can be performed, such as ‘pods’, ‘services’, and ‘nodes’. For example, if we want to grant a user ‘john’ the permission to ‘delete’ ‘pods’, ‘john’ is the Subject, ‘delete’ is the Verb, and ‘pods’ is the Resource.
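The ‘john’ example above, written as a Role and a RoleBinding. This manifest is an added illustration, not part of the original article; the namespace `dev` and the object names `pod-deleter` and `john-pod-deleter` are hypothetical.

```yaml
# Role: the Verb and the Resource. A Role is namespaced, so this
# permission applies only inside the (hypothetical) "dev" namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: dev            # assumption: example namespace
  name: pod-deleter         # assumption: example role name
rules:
  - apiGroups: [""]         # "" is the core API group, where pods live
    resources: ["pods"]     # the Resource
    verbs: ["delete"]       # the Verb; nothing else is granted
---
# RoleBinding: attaches the Subject to the Role above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: dev
  name: john-pod-deleter    # assumption: example binding name
subjects:
  - kind: User              # the Subject; Group and ServiceAccount are the other kinds
    name: john
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-deleter
  apiGroup: rbac.authorization.k8s.io
# Check the result after applying:
#   kubectl auth can-i delete pods --as john -n dev      -> yes
#   kubectl auth can-i list pods --as john -n dev        -> no
#   kubectl auth can-i delete pods --as john -n default  -> no
```

Because only ‘delete’ is granted, ‘john’ can remove a pod by name but cannot list or read pods in `dev`, and has no access at all in other namespaces.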
How To Use Kubernetes RBAC (Role-Based Access Control)?
In a nutshell, Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. In the context of Kubernetes, RBAC is a security feature that controls access to resources within your cluster. It allows you to specify what actions a user or a group of users can and cannot perform. This is vital in a team environment, where not everyone should have full, unrestricted access to all resources.
Before we go further, let’s briefly understand the architecture of Kubernetes. Kubernetes follows a master-worker node architecture. The master node is responsible for maintaining the desired state (like which applications or other workloads should be running and which nodes they live on), and the worker nodes actually run the workloads.