Kubernetes Role Based Access Control Concepts: Difference between revisions

From NovaOrdis Knowledge Base
(Created page with "=Internal= =Overview= In Kubernetes, granting a role to an application-specific service account is a best practice to ensure that the application is operated in a specified s...")
 
Line 1: Line 1:
=Internal=
=Internal=
* [[Kubernetes_Security_Concepts#Role_Based_Access_Control_.28RBAC.29|Kubernetes Security Concepts]]
=Overview=
=Overview=



Revision as of 18:49, 22 June 2020

Internal

Overview

In Kubernetes, granting a role to an application-specific service account is a best practice: it ensures that the application operates within a specified scope.
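The practice described above, written out as a set of manifests. This is an added example, not part of the original page; the namespace, object names, ConfigMap name and image are hypothetical.

```yaml
# Added example; namespace, object names and image are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: orders-api
  namespace: orders
---
# A Role is namespaced: its rules grant nothing outside "orders".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: orders-config-reader
  namespace: orders
rules:
- apiGroups: [""]                    # "" is the core API group
  resources: ["configmaps"]
  resourceNames: ["orders-config"]   # only this one object
  verbs: ["get"]                     # read-only
---
# The RoleBinding attaches the Role to the service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: orders-api-config-reader
  namespace: orders
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: orders-config-reader
subjects:
- kind: ServiceAccount               # apiGroup is omitted (core group) for ServiceAccount subjects
  name: orders-api
  namespace: orders
---
# The workload opts in to the identity; otherwise it runs as "default".
apiVersion: v1
kind: Pod
metadata:
  name: orders-api
  namespace: orders
spec:
  serviceAccountName: orders-api
  containers:
  - name: orders-api
    image: registry.example.com/orders-api:1.0
```

Assuming no other bindings apply to the account, kubectl auth can-i get configmap/orders-config -n orders --as=system:serviceaccount:orders:orders-api should answer yes, and the same check with another verb or ConfigMap name should answer no.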

TODO:

Cluster Role

Cluster Role Binding

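# Default binding shipped with the cluster (see the rbac-defaults label below).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    # The API server reconciles this default binding at startup.
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
# The role being granted: the cluster-wide cluster-admin ClusterRole.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
# Who receives it: every member of the system:masters group.
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters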

RBAC Operations