Revision as of 23:48, 4 September 2020

Internal

Kubernetes Security Concepts

Overview

In Kubernetes, granting a role to an application-specific service account is a best practice to ensure that the application is operated in a specified scope.

TODO:

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#service-account-permissions

https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/

Cluster Role

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edit
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
  resourceVersion: "316"
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups:
  - ""
  resources:
  - pods/attach
  - pods/exec
  - pods/portforward
  - pods/proxy
  - secrets
  - services/proxy
  verbs:
  - get
  - list
  - watch

Cluster Role Binding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters

RBAC Operations

Assigning a Cluster Role to a Service Account

Kubernetes Role Based Access Control Concepts: Difference between revisions

Revision as of 23:48, 4 September 2020

Contents

Internal

Overview

Cluster Role

Cluster Role Binding

RBAC Operations

Navigation menu

Kubernetes Role Based Access Control Concepts: Difference between revisions

Revision as of 23:48, 4 September 2020

Internal

Overview

Cluster Role

Cluster Role Binding

RBAC Operations

Navigation menu

Search