Kubernetes RBAC Objects For Cluster Administration
By Sudheer S
In a previous series of blog posts, we discussed the Kubernetes objects typically used to run a web application. We covered Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount, Ingress, PDB, HPA, PV, PVC, Job and CronJob.
In this post, we will discuss some fundamental building blocks of Kubernetes cluster administration: RBAC objects.
In most situations, the Kubernetes API server is started with the flag --authorization-mode=RBAC, which enables RBAC in the cluster. RBAC is configured through four object types:
- Role - namespaced. A Role defines a set of permissions or rules that determine what actions a user or group can perform within a specific namespace.
- RoleBinding. A RoleBinding binds a Role to a user, group, or service account, enabling them to access and perform actions defined by the Role within a specific namespace.
- ClusterRole - non-namespaced. A ClusterRole defines a set of permissions or rules that determine what actions a user or group can perform across the entire cluster, rather than within a specific namespace.
- ClusterRoleBinding. A ClusterRoleBinding binds a ClusterRole to a user, group, or service account, granting them the permissions defined by the ClusterRole across the entire cluster.
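The four objects side by side, as an added example that is not from the original post: a ServiceAccount gets read-only access to Pods in one namespace through a Role and RoleBinding, and read-only access to Nodes (a cluster-scoped resource) through a ClusterRole and ClusterRoleBinding. The namespace `web`, the ServiceAccount `app-reader` and all object names are assumed for illustration.

```yaml
# Constructed example; "web", "app-reader" and the object names are assumptions.
# Role: namespaced. Grants read-only access to Pods in "web" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: web
  name: pod-reader
rules:
  - apiGroups: [""]            # "" is the core API group, where Pods live
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding: attaches the Role to a subject inside the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: web
  name: read-pods
subjects:
  - kind: ServiceAccount
    name: app-reader
    namespace: web
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
---
# ClusterRole: non-namespaced. Nodes are cluster-scoped, so a Role cannot grant them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
---
# ClusterRoleBinding: the grant applies across the entire cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-nodes
subjects:
  - kind: ServiceAccount
    name: app-reader
    namespace: web
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-reader
```

To check the resulting scope, `kubectl auth can-i list pods -n web --as=system:serviceaccount:web:app-reader` should answer yes, while the same query against any other namespace should answer no.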