RBAC in Kubernetes: What It Is and How It Works
RBAC in Kubernetes stands for Role-Based Access Control. It is a system that controls who can do what inside a Kubernetes cluster by assigning roles with specific permissions to users or groups.
How It Works
Imagine a company where employees have different job roles like manager, developer, or intern. Each role has specific tasks they can do. RBAC in Kubernetes works the same way by defining roles that list what actions are allowed, such as creating pods or reading logs.
These roles are then assigned to users or groups through bindings. When someone tries to perform an action, Kubernetes checks the roles bound to that subject to decide whether the action is permitted. RBAC only ever grants permissions: there are no deny rules, so a request is refused unless some binding explicitly allows it. This keeps the cluster safe by making sure users only do what they are allowed.
Example
This example shows a simple Role and RoleBinding that lets the user jane get, watch, and list pods in the default namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
When to Use
Use RBAC whenever you want to control access in your Kubernetes cluster. It is essential for security, especially in teams where multiple people or services interact with the cluster.
For example, you can give developers permission to create and manage pods but not to change cluster-wide settings. Or you can allow monitoring tools to read logs without giving them full control. RBAC helps prevent mistakes and protects your cluster from unauthorized actions.
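The following is an added example, not code from the original page or from Kubernetes itself: a small Python simulation of the authorization decision described above. It loads the page's pod-reader Role and RoleBinding, plus two constructed additions for the scenarios in this section (a developers group that may manage pods in a dev namespace but not cluster-wide resources, and a monitoring service account that may only read pod logs), and evaluates requests against them the way the API server does: a binding must match the subject, a RoleBinding only counts inside its own namespace, and anything not granted is denied. The manifests are written as Python dicts in the same shape as the YAML; the namespace names, the developers group, and the prometheus service account are assumptions for illustration.

```python
"""Simulation of the Kubernetes RBAC allow/deny decision (illustrative, not
the kube-apiserver code). Constructed manifests mirror Role, ClusterRole,
RoleBinding and ClusterRoleBinding objects in dict form."""
from dataclasses import dataclass

# Constructed Roles: the page's pod-reader, plus two assumed examples.
ROLES = [
    {"kind": "Role", "metadata": {"namespace": "default", "name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "verbs": ["get", "watch", "list"]}]},
    {"kind": "Role", "metadata": {"namespace": "dev", "name": "pod-manager"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "log-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]}]},
]

# Constructed bindings: the page's read-pods binding for jane, plus two assumed ones.
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "default", "name": "read-pods"},
     "subjects": [{"kind": "User", "name": "jane"}],
     "roleRef": {"kind": "Role", "name": "pod-reader"}},
    {"kind": "RoleBinding", "metadata": {"namespace": "dev", "name": "manage-pods"},
     "subjects": [{"kind": "Group", "name": "developers"}],
     "roleRef": {"kind": "Role", "name": "pod-manager"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "monitoring-logs"},
     "subjects": [{"kind": "ServiceAccount", "name": "prometheus",
                   "namespace": "monitoring"}],
     "roleRef": {"kind": "ClusterRole", "name": "log-reader"}},
]


@dataclass(frozen=True)
class Request:
    """An authenticated request as the authorizer sees it."""
    user: str
    groups: tuple = ()
    verb: str = ""
    api_group: str = ""      # "" is the core API group (pods, nodes, ...)
    resource: str = ""
    namespace: str = ""      # "" means a cluster-scoped request


def _rule_allows(rule, req):
    """A rule matches when every list contains the value or the "*" wildcard."""
    def hit(allowed, value):
        return "*" in allowed or value in allowed
    return (hit(rule["apiGroups"], req.api_group)
            and hit(rule["resources"], req.resource)
            and hit(rule["verbs"], req.verb))


def _subject_matches(subject, req):
    if subject["kind"] == "User":
        return subject["name"] == req.user
    if subject["kind"] == "Group":
        return subject["name"] in req.groups
    if subject["kind"] == "ServiceAccount":
        # The API server authenticates a service account as this user name.
        return req.user == f"system:serviceaccount:{subject['namespace']}:{subject['name']}"
    return False


def _resolve_role(binding, roles):
    """Find the object named by roleRef; a Role must live in the binding's namespace."""
    ref = binding["roleRef"]
    for role in roles:
        if role["kind"] != ref["kind"] or role["metadata"]["name"] != ref["name"]:
            continue
        if ref["kind"] == "Role" and \
                role["metadata"]["namespace"] != binding["metadata"]["namespace"]:
            continue
        return role
    return None  # dangling roleRef grants nothing


def authorize(req, roles=ROLES, bindings=BINDINGS):
    """Return True only if some binding grants the request; RBAC has no deny rules."""
    for binding in bindings:
        if not any(_subject_matches(s, req) for s in binding["subjects"]):
            continue
        # A RoleBinding is scoped to its namespace and can never grant a
        # cluster-scoped request; a ClusterRoleBinding applies everywhere.
        if binding["kind"] == "RoleBinding":
            if req.namespace == "" or req.namespace != binding["metadata"]["namespace"]:
                continue
        role = _resolve_role(binding, roles)
        if role is not None and any(_rule_allows(r, req) for r in role["rules"]):
            return True
    return False


if __name__ == "__main__":
    checks = [
        ("jane lists pods in default", Request("jane", verb="list", resource="pods", namespace="default")),
        ("jane lists pods in dev", Request("jane", verb="list", resource="pods", namespace="dev")),
        ("jane deletes a pod in default", Request("jane", verb="delete", resource="pods", namespace="default")),
        ("developer deletes a pod in dev", Request("bob", ("developers",), "delete", "", "pods", "dev")),
        ("developer updates a node", Request("bob", ("developers",), "update", "", "nodes")),
        ("prometheus reads pod logs in dev", Request("system:serviceaccount:monitoring:prometheus",
                                                     verb="get", resource="pods/log", namespace="dev")),
    ]
    for label, req in checks:
        print(f"{label}: {'allowed' if authorize(req) else 'denied'}")
```

On a real cluster the equivalent check is `kubectl auth can-i <verb> <resource> --as <user> -n <namespace>`, which asks the API server's authorizer the same question this function answers locally.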
Key Points
- RBAC controls access by assigning roles with specific permissions.
- Roles define what actions are allowed on which resources.
- RoleBindings connect roles to users or groups.
- RBAC improves security by limiting user actions.
- It is widely used in Kubernetes clusters for safe multi-user environments.