Internal

Kubernetes Security Concepts

Overview

In Kubernetes, granting a role to an application-specific service account is a best practice to ensure that the application is operated in a specified scope.

TODO:

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#service-account-permissions

https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/

Cluster Role

Cluster Role Binding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters

RBAC Operations

Assigning a Cluster Role to a Service Account

Kubernetes Role Based Access Control Concepts

Contents

Internal

Overview

Cluster Role

Cluster Role Binding

RBAC Operations

Navigation menu

Kubernetes Role Based Access Control Concepts

Internal

Overview

Cluster Role

Cluster Role Binding

RBAC Operations

Navigation menu

Search