Kubernetes Security - RBAC | Don't let people run loose with admin permissions on your cluster

Drewbernetes

1 year ago

125 views

Let's start restricting access to the entire cluster with RBAC. We'll create users and groups, and even grant Pods the appropriate permissions to communicate with the cluster.

My Medium article - It's a bit old now and an update should come out soon™: https://medium.com/@DrewViles/kubernetes-the-hard-way-on-bare-metal-vms-v1-23-2168f5fe70af
Roles: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
RoleBindings: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding

That awesome JWT decoder command? All credit to this person for the base command: https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53?permalink_comment_id=3439919#gistcomment-3439919

00:00 - Intro
00:15 - In This Video
01:11 - Let's Take a Look at Roles and RoleBindings
05:32 - Creating Users/Groups
16:03 - Creating a Role
17:05 - Creating a RoleBinding for a Group
20:12 - Giving Specific Users More Access
22:19 - Giving Pods Permissions via a ServiceAccount
28:42 - Wrap Up

Tags:

#Linux #Kubernetes #CKA #CKAD #CKS #KubeADM #Role #RoleBinding #ClusterRole #ClusterRoleBinding #RBAC #Security #Service_Account #Users #Groups