In a previous series of blog posts, we discussed the Kubernetes objects typically
used to run a web application. We covered Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount,
Ingress, PDB, HPA, PV, PVC, Job and CronJob.
In this post, we will discuss some fundamental building blocks of Kubernetes cluster administration: RBAC objects.
In most situations, the Kubernetes API server is started with the flag
--authorization-mode=RBAC, which enables RBAC in
- Role - namespaced. A Role defines a set of permissions or rules that determine what actions a user or group can
perform within a specific namespace.
- RoleBinding. A RoleBinding binds a Role to a user, group, or service account, enabling them to access and
perform actions defined by the Role within a specific namespace.
- ClusterRole - non-namespaced. A ClusterRole defines a set of permissions or rules that determine what actions
a user or group can perform across the entire cluster, rather than within a specific namespace.
- ClusterRoleBinding. A ClusterRoleBinding binds a ClusterRole to a user, group, or service account, granting
them the permissions defined by the ClusterRole across the entire cluster.
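
The four objects above written as one minimal manifest. This is an added illustration, not a manifest from the original post; the namespace demo, the service account app-reader, the group cluster-auditors and all object names are assumptions.

```yaml
# Added example: every name below is hypothetical.
# Role: namespaced, read-only access to pods in "demo" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: demo
  name: pod-reader
rules:
  - apiGroups: [""]            # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding: grants pod-reader to one service account, in "demo" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: demo
  name: pod-reader-binding
subjects:
  - kind: ServiceAccount
    name: app-reader
    namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
---
# ClusterRole: non-namespaced; nodes are a cluster-scoped resource.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-viewer            # no namespace field
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list"]
---
# ClusterRoleBinding: grants node-viewer to a group across the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-viewer-binding
subjects:
  - kind: Group
    name: cluster-auditors
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: node-viewer
```

After applying the manifest, the effective permissions can be checked with kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:app-reader, which should answer yes in demo and no in any other namespace.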