Difference between revisions of "Kubernetes RBAC"
↑ https://www.mirantis.com/blog/whats-new-kubernetes-1-6-focus-stability/
(→Roles) |
|||
(21 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | [[Kubernetes]] [[RBAC]] uses the <code>rbac.authorization.k8s.io</code> [[API]] Group | + | [[Kubernetes]] [[RBAC]] uses the <code>rbac.authorization.k8s.io</code> [[API]] Group, GA since [[Kubernetes 1.8]] (Sep 2017) |
https://kubernetes.io/docs/reference/access-authn-authz/rbac/ | https://kubernetes.io/docs/reference/access-authn-authz/rbac/ | ||
+ | == Commands == | ||
* <code>[[kubectl create role]]</code> | * <code>[[kubectl create role]]</code> | ||
* <code>[[kubectl create clusterrole]]</code> | * <code>[[kubectl create clusterrole]]</code> | ||
Line 12: | Line 13: | ||
* <code>[[kubectl auth can-i]]</code> | * <code>[[kubectl auth can-i]]</code> | ||
− | == | + | == [[K8s Cluster roles]] == |
− | + | https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles | |
− | : cluster- | + | {{K8s roles TOC}} |
− | : | + | |
− | : | + | Review https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 for screenshoots of AWS EKS console depending of different roles. |
+ | |||
+ | Related: <code>[[groups:]]</code>, <code>[[kubectl get clusterroles]]</code> | ||
== Related terms == | == Related terms == | ||
− | * | + | * [[cluster-read-only-role]] |
+ | * [[Kubernetes tokens]] | ||
* [[Attribute-based access control (ABAC)]] | * [[Attribute-based access control (ABAC)]] | ||
− | * <code>[[kubectl | + | * [[Kubernetes service account]]: <code>[[kubectl create serviceaccount]]</code> |
− | * [[CKA 1.23]]: | + | * [[CKA 1.23]]: [[Manage role based access control (RBAC)]] |
− | * [[ | + | * [[AWS Controllers for Kubernetes (ACK)]] |
− | * <code>[[ | + | * [[Amazon EKS authorization]] |
− | + | * [[Amazon EKS cluster endpoint (API server) access control]] | |
+ | |||
+ | == Activities == | ||
+ | * Learn the differences between <code>[[Role]]</code> and <code>[[ClusterRole]]</code>: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole | ||
== News == | == News == | ||
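Review bot: The sentence added under the K8s Cluster roles heading misspells "screenshots" as "screenshoots" and reads "depending of different roles"; suggest "for screenshots of the AWS EKS console under different roles". The same hunk drops the indented lines under the old heading (one begins ": cluster-") in favour of a bare URL and the {{K8s roles TOC}} template, so it is worth confirming the template renders the role list that was removed.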
Line 34: | Line 41: | ||
* {{kubectl auth}} | * {{kubectl auth}} | ||
* {{Kubernetes RBAC}} | * {{Kubernetes RBAC}} | ||
− | |||
[[Category:Kubernetes]] | [[Category:Kubernetes]] |
Latest revision as of 10:59, 10 July 2024
Kubernetes RBAC uses the rbac.authorization.k8s.io API Group, GA since Kubernetes 1.8 (Sep 2017)
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Commands
- kubectl create role
- kubectl create clusterrole
- kubectl create rolebinding
- kubectl create clusterrolebinding
K8s Cluster roles
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
Review https://medium.com/codex/how-to-provide-access-to-aws-eks-for-sso-users-via-aws-sso-to-view-and-manage-the-cluster-17e2acfd6a35 for screenshots of the AWS EKS console under different roles.
Related: groups:, kubectl get clusterroles
Related terms
- cluster-read-only-role
- Kubernetes tokens
- Attribute-based access control (ABAC)
- Kubernetes service account: kubectl create serviceaccount
- CKA 1.23: Manage role based access control (RBAC)
- AWS Controllers for Kubernetes (ACK)
- Amazon EKS authorization
- Amazon EKS cluster endpoint (API server) access control
Activities
- Learn the differences between Role and ClusterRole: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
News
- March 2017 Kubernetes 1.6 [1]
See also
- Kubernetes roles, kubectl get [ roles | clusterroles | clusterrolebindings ], kubectl create rolebinding, K8s Cluster roles, kubectl auth [ can-i | reconcile ]
- Kubernetes RBAC, kubectl auth, kubectl auth can-i, kubectl auth reconcile, kubectl create [ role | clusterrole | clusterrolebinding | rolebinding | serviceaccount ], groups:, Kubernetes RBAC good practices, kube2iam, K8s Cluster roles, rbac.authorization.k8s.io, system: