Kubernetes/Security and RBAC

From Ever changing code
Revision as of 22:31, 6 July 2019 by Pio2pio (talk | contribs) (Created page with "= Role Base Access Control = The Kubernetes API server provides CRUD (Create, Read, Update, Delete) interface for interacting with cluster state over a RESTful API. API calls...")

Role Based Access Control

The Kubernetes API server provides a CRUD (Create, Read, Update, Delete) interface for interacting with cluster state over a RESTful API. API calls can come only from 2 sources:

  • kubectl
  • Pod (a workload running inside the cluster)

Every API request goes through a 4 stage process:

  1. Authentication
  2. Authorization
  3. Admission
  4. Writing the resulting CRUD actions to the etcd database


At the admission stage RBAC access is evaluated. RBAC itself has 4 resources, divided into 2 groups:

RBAC resources

  Group-1 (namespace resources)   Group-2 (cluster level resources)   Resource type
  roles                           cluster roles                       defines what can be done
  role bindings                   cluster role bindings               defines who can do it
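The table's split between "what can be done" (roles) and "who can do it" (bindings) can be modelled offline. The following Python is an added example, not code from the wiki page or from Kubernetes itself: it loads a constructed set of Role, ClusterRole, RoleBinding and ClusterRoleBinding objects and answers the same question as kubectl auth can-i, including the rule that a ClusterRole referenced from a RoleBinding only grants access inside that binding's namespace. It is a simplified model (no resourceNames, nonResourceURLs, role aggregation or group membership expansion).

```python
# Offline model of Kubernetes RBAC evaluation: Roles/ClusterRoles say WHAT can be
# done, RoleBindings/ClusterRoleBindings say WHO can do it. All data is constructed.

ROLES = {  # (kind, namespace, name) -> list of rules; namespace is None for a ClusterRole
    ("Role", "dev", "pod-reader"): [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]},
    ],
    ("ClusterRole", None, "secret-reader"): [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    ],
}

BINDINGS = [  # constructed sample bindings
    {"kind": "RoleBinding", "namespace": "dev",
     "roleRef": ("Role", "pod-reader"), "subjects": [("User", "alice")]},
    # A ClusterRole bound with a RoleBinding is limited to that binding's namespace.
    {"kind": "RoleBinding", "namespace": "dev",
     "roleRef": ("ClusterRole", "secret-reader"), "subjects": [("User", "alice")]},
    {"kind": "ClusterRoleBinding", "namespace": None,
     "roleRef": ("ClusterRole", "secret-reader"), "subjects": [("Group", "ops")]},
]


def _rule_allows(rule, group, resource, verb):
    """A rule matches when apiGroup, resource and verb all match ('*' is a wildcard)."""
    return (("*" in rule["apiGroups"] or group in rule["apiGroups"])
            and ("*" in rule["resources"] or resource in rule["resources"])
            and ("*" in rule["verbs"] or verb in rule["verbs"]))


def can_i(subject, verb, resource, namespace, group=""):
    """True if some binding for `subject` grants `verb` on `resource` in `namespace`.
    `subject` is a (kind, name) tuple such as ("User", "alice") or ("Group", "ops").
    RBAC is allow-only: there are no deny rules, so no matching rule means denied."""
    for binding in BINDINGS:
        if subject not in binding["subjects"]:
            continue
        # A RoleBinding is scoped to its namespace; a ClusterRoleBinding covers all of them.
        if binding["kind"] == "RoleBinding" and binding["namespace"] != namespace:
            continue
        ref_kind, ref_name = binding["roleRef"]
        # A RoleBinding may reference a Role in its own namespace or any ClusterRole.
        ref_ns = binding["namespace"] if ref_kind == "Role" else None
        rules = ROLES.get((ref_kind, ref_ns, ref_name), [])
        if any(_rule_allows(r, group, resource, verb) for r in rules):
            return True
    return False
```

For example, can_i(("User", "alice"), "get", "secrets", "prod") is False even though alice can read secrets in dev, because her secret-reader access comes through a namespace-scoped RoleBinding rather than a ClusterRoleBinding.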