In this simple hands-on lab, we are going to control access to a Kubernetes cluster using Kubernetes RBAC. We'll be using an already running Kubernetes cluster to achieve this.
Role-based access control in Kubernetes allows you to control what users can do and access in a Kubernetes cluster. It is an important component of managing a Kubernetes cluster securely.
RBAC Objects:
Role, ClusterRole, RoleBinding and ClusterRoleBinding are basic RBAC objects that make up the Kubernetes RBAC system.
A Role defines permissions within a particular namespace, while a ClusterRole defines cluster-wide permissions that are not tied to a single namespace. Both are defined in YAML files.
RoleBinding and ClusterRoleBinding are the objects that connect Roles and ClusterRoles to users. They define which users are allowed to use the permissions defined in the Role and ClusterRole YAML files.
To achieve this, we'll:
- Confirm the 'dev' user does not have read access to pods in the 'beebox-mobile' namespace
- Create a role that gives the 'dev' user read access to pods and pod logs in the beebox-mobile namespace
- Create a role binding to bind the created role to the 'dev' user
- Confirm the 'dev' user has read access to pods in the 'beebox-mobile' namespace
Steps:
- Confirm the 'dev' user does not have read access to pods in the 'beebox-mobile' namespace
- Create a role that gives the 'dev' user read access to pods and pod logs in the beebox-mobile namespace
- Create a role binding to bind the created role to the 'dev' user
- Confirm the 'dev' user now has read access to pods in the 'beebox-mobile' namespace
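The four steps above as a single script, added here as an example and not part of the original lab: it writes the Role and RoleBinding manifests for the 'dev' user in beebox-mobile and checks access with `kubectl auth can-i` before and after applying them. It assumes a kubeconfig with admin rights to the cluster and that 'dev' is the username the API server sees for that user; the object names pod-reader and pod-reader-binding are my own choice.

```shell
#!/bin/sh
# Added example (not from the lab). Assumes kubectl is configured with
# admin rights and that 'dev' is the username the API server sees.
NS=beebox-mobile
USER_NAME=dev
# Role: namespaced permissions. 'pods/log' is a subresource and must be
# listed explicitly; granting 'pods' alone does not cover the logs.
role_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: $NS
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "watch", "list"]
EOF
}
# RoleBinding: ties the Role above to user 'dev' in this namespace only.
rolebinding_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: $NS
  name: pod-reader-binding
subjects:
- kind: User
  name: $USER_NAME
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF
}
# Impersonate 'dev' and ask the API server whether <verb> <resource> is allowed.
can_dev() { kubectl auth can-i "$1" "$2" -n "$NS" --as "$USER_NAME" 2>/dev/null || true; }
# Only touch the cluster when invoked as: sh rbac-lab.sh apply
if [ "${1:-}" = "apply" ]; then
  echo "before: get pods -> $(can_dev get pods)"
  role_manifest | kubectl apply -f -
  rolebinding_manifest | kubectl apply -f -
  echo "after: get pods -> $(can_dev get pods)"
  echo "after: get pods/log -> $(can_dev get pods/log)"
  echo "after: delete pods -> $(can_dev delete pods)"
fi
```

Run it with `sh rbac-lab.sh apply`: the first check prints no, the three after it print yes, yes, no, which confirms the binding grants read access to pods and their logs and nothing else.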
Voila! QED!