Difference between revisions of "Kubernetes RBAC"
Jump to navigation
Jump to search
↑ https://www.mirantis.com/blog/whats-new-kubernetes-1-6-focus-stability/
| (11 intermediate revisions by 2 users not shown) | |||
| Line 3: | Line 3: | ||
https://kubernetes.io/docs/reference/access-authn-authz/rbac/ | https://kubernetes.io/docs/reference/access-authn-authz/rbac/ | ||
| + | == Commands == | ||
* <code>[[kubectl create role]]</code> | * <code>[[kubectl create role]]</code> | ||
* <code>[[kubectl create clusterrole]]</code> | * <code>[[kubectl create clusterrole]]</code> | ||
| Line 12: | Line 13: | ||
* <code>[[kubectl auth can-i]]</code> | * <code>[[kubectl auth can-i]]</code> | ||
| − | == | + | == [[K8s Cluster roles]] == |
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles | https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles | ||
| − | + | {{K8s roles TOC}} | |
| − | |||
| − | |||
| − | |||
Review https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 for screenshoots of AWS EKS console depending of different roles. | Review https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 for screenshoots of AWS EKS console depending of different roles. | ||
| + | |||
| + | Related: <code>[[groups:]]</code>, <code>[[kubectl get clusterroles]]</code> | ||
== Related terms == | == Related terms == | ||
| − | * | + | * [[cluster-read-only-role]] |
| + | * [[Kubernetes tokens]] | ||
* [[Attribute-based access control (ABAC)]] | * [[Attribute-based access control (ABAC)]] | ||
| − | * <code>[[kubectl | + | * [[Kubernetes service account]]: <code>[[kubectl create serviceaccount]]</code> |
* [[CKA 1.23]]: [[Manage role based access control (RBAC)]] | * [[CKA 1.23]]: [[Manage role based access control (RBAC)]] | ||
| − | * [[ | + | * [[AWS Controllers for Kubernetes (ACK)]] |
| − | |||
| − | |||
* [[Amazon EKS authorization]] | * [[Amazon EKS authorization]] | ||
| Line 41: | Line 40: | ||
* {{kubectl auth}} | * {{kubectl auth}} | ||
* {{Kubernetes RBAC}} | * {{Kubernetes RBAC}} | ||
| − | |||
[[Category:Kubernetes]] | [[Category:Kubernetes]] | ||
Latest revision as of 12:09, 31 October 2023
Kubernetes RBAC uses the rbac.authorization.k8s.io API Group, GA since Kubernetes 1.8 (Sep 2017)
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Commands[edit]
kubectl create rolekubectl create clusterrolekubectl create rolebindingkubectl create clusterrolebinding
K8s Cluster roles[edit]
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
Review https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 for screenshoots of AWS EKS console depending of different roles.
Related: groups:, kubectl get clusterroles
Related terms[edit]
- cluster-read-only-role
- Kubernetes tokens
- Attribute-based access control (ABAC)
- Kubernetes service account:
kubectl create serviceaccount - CKA 1.23: Manage role based access control (RBAC)
- AWS Controllers for Kubernetes (ACK)
- Amazon EKS authorization
Activities[edit]
- Learn the differences between
RoleandClusterRole: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
News[edit]
- March 2017 Kubernetes 1.6 [1]
See also[edit]
- Kubernetes roles,
kubectl get [ roles | clusterroles | clusterrolebindings ], kubectl create rolebinding, K8s Cluster roles kubectl auth [ can-i | reconcile ]- Kubernetes RBAC
kubectl auth, kubectl auth can-i, kubectl auth reconcilekubectl create [ role | clusterrole | clusterrolebinding|rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices,kube2iam, K8s Cluster roles,rbac.authorization.k8s.io,system:
Advertising:
