Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is a key security feature in Kubernetes that regulates user and service account permissions.
Core Components:
Role: Defines permissions within a namespace
ClusterRole: Defines permissions cluster-wide
RoleBinding: Grants a Role to a user/service account within a namespace
ClusterRoleBinding: Grants a ClusterRole cluster-wide
Example Role:
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default   # a Role is namespaced; it cannot grant anything outside this namespace
  name: pod-reader
rules:
- apiGroups: [""]      # "" is the core API group, which contains pods
  resources: ["pods"]
  verbs: ["get", "watch", "list"]   # read-only; no create/update/delete
Binding the Role:
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default   # the binding only takes effect in this namespace
subjects:
- kind: User           # could also be Group or ServiceAccount
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role           # the Role defined above, in the same namespace
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
RBAC helps enforce the principle of least privilege and is essential for securing access to cluster resources.
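The Role and RoleBinding above can be evaluated offline the way the API server does: a request is allowed only if some binding in the namespace names the subject and the referenced Role has a rule matching the API group, resource and verb. The following is an added example (not part of the original page or of Kubernetes) that mirrors `kubectl auth can-i` for namespaced Role/RoleBinding pairs and flags wildcard rules that undermine least privilege; the manifests are embedded as already-parsed dicts so it runs without PyYAML or a cluster.

```python
# Constructed copies of the page's Role and RoleBinding as parsed manifests.
POD_READER_ROLE = {
    "kind": "Role", "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"namespace": "default", "name": "pod-reader"},
    "rules": [{"apiGroups": [""], "resources": ["pods"],
               "verbs": ["get", "watch", "list"]}],
}
READ_PODS_BINDING = {
    "kind": "RoleBinding", "apiVersion": "rbac.authorization.k8s.io/v1",
    "metadata": {"name": "read-pods", "namespace": "default"},
    "subjects": [{"kind": "User", "name": "jane",
                  "apiGroup": "rbac.authorization.k8s.io"}],
    "roleRef": {"kind": "Role", "name": "pod-reader",
                "apiGroup": "rbac.authorization.k8s.io"},
}

def _matches(allowed, value):
    # A rule axis matches when the value is listed or the rule uses "*".
    return "*" in allowed or value in allowed

def rule_allows(rule, api_group, resource, verb):
    return (_matches(rule["apiGroups"], api_group)
            and _matches(rule["resources"], resource)
            and _matches(rule["verbs"], verb))

def can_i(roles, bindings, subject, namespace, api_group, resource, verb):
    """Allow iff a binding in `namespace` names `subject` (kind, name) and its
    Role has a matching rule. RBAC is purely additive: nothing ever denies.
    Bindings that reference a ClusterRole, resourceNames and nonResourceURLs
    are deliberately out of scope for this example."""
    by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for b in bindings:
        if b["metadata"]["namespace"] != namespace or b["roleRef"]["kind"] != "Role":
            continue
        if not any(s["kind"] == subject[0] and s["name"] == subject[1]
                   for s in b["subjects"]):
            continue
        role = by_key.get((namespace, b["roleRef"]["name"]))
        if role and any(rule_allows(r, api_group, resource, verb) for r in role["rules"]):
            return True
    return False

def wildcard_rules(role):
    """Least-privilege check: return rules granting "*" on any axis."""
    return [r for r in role["rules"]
            if any("*" in r[k] for k in ("apiGroups", "resources", "verbs"))]

if __name__ == "__main__":
    print(can_i([POD_READER_ROLE], [READ_PODS_BINDING], ("User", "jane"),
                "default", "", "pods", "list"))      # True
    print(can_i([POD_READER_ROLE], [READ_PODS_BINDING], ("User", "jane"),
                "default", "", "pods", "delete"))    # False
```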