Kubernetesdevops~30 mins

Why RBAC matters in Kubernetes - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why RBAC Matters in Kubernetes

📖 Scenario: You are managing a Kubernetes cluster for a small company. Different team members need different levels of access to the cluster resources. You want to control who can do what to keep the cluster safe and organized.

🎯 Goal: Learn how to create a simple Role-Based Access Control (RBAC) setup in Kubernetes. You will create a Role, a RoleBinding, and see how they control access to resources.

📋 What You'll Learn

Create a Role with specific permissions

Create a RoleBinding to assign the Role to a user

Understand how RBAC controls access in Kubernetes

Use kubectl commands to apply and check RBAC resources

💡 Why This Matters

🌍 Real World

In real companies, RBAC helps protect sensitive data and operations by limiting access to only those who need it.

💼 Career

Understanding RBAC is essential for Kubernetes administrators and DevOps engineers to secure and manage clusters effectively.

Progress0 / 4 steps

Create a Role with permissions

Create a YAML file named read-pods-role.yaml that defines a Role called pod-reader in the default namespace. This Role should allow the get, watch, and list verbs on the resource pods.

Kubernetes

# Write the YAML content for the Role named pod-reader
# Your code here

Need a hint?

Remember to specify apiVersion, kind, metadata with name and namespace, and rules with resources and verbs.

Create a RoleBinding to assign the Role

Create a YAML file named read-pods-rolebinding.yaml that defines a RoleBinding called read-pods-binding in the default namespace. This RoleBinding should assign the Role pod-reader to the user jane.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

# Write the YAML content for the RoleBinding named read-pods-binding
# Your code here

Need a hint?

Make sure to include subjects with the user jane and roleRef pointing to the Role pod-reader.

Apply the Role and RoleBinding in Kubernetes

Use the kubectl apply command to apply both read-pods-role.yaml and read-pods-rolebinding.yaml files to your Kubernetes cluster.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

# Write the kubectl command to apply both YAML files
# Your code here

Need a hint?

Use kubectl apply -f followed by the file names to apply the configurations.

Verify the RoleBinding and test access

Run the command kubectl get rolebinding read-pods-binding -n default -o yaml to display the RoleBinding details. Then, explain why RBAC is important in Kubernetes in one sentence.

Kubernetes

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods-binding
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

kubectl apply -f read-pods-role.yaml
kubectl apply -f read-pods-rolebinding.yaml

# Run the command to get RoleBinding details and print why RBAC matters
# Your code here

Need a hint?

Use the kubectl get rolebinding command with -n default and -o yaml to see details, then print the explanation.