Controlling access in Kubernetes using RBAC


Hi there, my name is Jubril Edun, a tech enthusiast who is on a learning journey into the world of Cloud Engineering, Cybersecurity and beyond. Join me as I document my learning journey.

In this simple hands-on lab, we are going to control access to a Kubernetes cluster using Kubernetes RBAC. We'll be using an already running Kubernetes cluster to achieve this.

Role-based access control (RBAC) in Kubernetes lets you control what users can do and access in a Kubernetes cluster. It is an important component of managing a Kubernetes cluster securely.

RBAC Objects:

Role, ClusterRole, RoleBinding and ClusterRoleBinding are the basic objects that make up the Kubernetes RBAC system.

A Role defines permissions within a particular namespace, while a ClusterRole defines cluster-wide permissions that are not specific to a single namespace. Both are defined in a YAML file.

RoleBinding and ClusterRoleBinding are objects that connect Roles and ClusterRoles to users. They define which users are allowed to use the permissions defined in the Role and ClusterRole YAML files.

To achieve this, we'll:

  1. Confirm the 'dev' user does not have read access to pods in the 'beebox-mobile' namespace

  2. Create a role that gives the 'dev' user read access to pods and pod logs in the 'beebox-mobile' namespace

  3. Create a role binding to bind the created role to the 'dev' user

  4. Confirm the 'dev' user has read access to pods in the 'beebox-mobile' namespace

Steps:

  1. Confirm the 'dev' user does not have read access to pods in the 'beebox-mobile' namespace

  2. Create a role that gives the 'dev' user read access to pods and pod logs in the 'beebox-mobile' namespace

  3. Create a role binding to bind the created role to the 'dev' user

  4. Confirm the 'dev' user now has read access to pods in the 'beebox-mobile' namespace
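
The four steps above written out as manifests, added here as an example and not taken from the original lab. The object names `pod-reader` and `pod-reader-binding` are assumptions, and the checks in the comments assume they are run by an admin who is allowed to impersonate 'dev'.

```yaml
# Added example. User "dev" and namespace "beebox-mobile" come from the lab;
# the names "pod-reader" and "pod-reader-binding" are assumed.
#
# Step 1, run before applying this file:
#   kubectl auth can-i list pods --namespace beebox-mobile --as dev
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader            # assumed name
  namespace: beebox-mobile    # a Role grants nothing outside this namespace
rules:
  - apiGroups: [""]           # "" is the core API group, where pods live
    resources: ["pods", "pods/log"]   # pods/log is the subresource behind `kubectl logs`
    verbs: ["get", "list", "watch"]   # read-only: no create, update, patch or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding    # assumed name
  namespace: beebox-mobile
subjects:
  - kind: User
    name: dev                 # must match the username the API server authenticates
    apiGroup: rbac.authorization.k8s.io
roleRef:                      # cannot be changed after creation; delete and recreate instead
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
#
# Step 4, run after `kubectl apply -f <this file>`:
#   kubectl auth can-i list pods --namespace beebox-mobile --as dev
#   kubectl auth can-i get pods --subresource=log --namespace beebox-mobile --as dev
# Negative checks that the grant stayed narrow:
#   kubectl auth can-i delete pods --namespace beebox-mobile --as dev
#   kubectl auth can-i list pods --namespace default --as dev
```

Provided 'dev' has no other bindings, the two step 4 checks should be allowed and the two negative checks denied. The negative checks are worth keeping in the routine, since they show the role is read-only and limited to the one namespace.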

Voila! QED!


Github Link: https://github.com/jubriledun