How to do Profile Management in Kubernetes

Table of Contents

  1. Configure RBAC In Your Kubernetes Cluster
    a. What is RBAC?
  2. Practical
  3. Video Tutorial

1. Configure RBAC In Your Kubernetes Cluster

a. What is RBAC?

  1. RBAC stands for role-based access control. From Kubernetes version 1.6 onwards, RBAC policies are enabled by default.
  2. RBAC policies are vital for the correct management of your cluster, as they allow you to specify which types of actions are permitted depending on the user and their role in your organization.
  3. You can define roles for specific users and, according to those roles, manage their responsibilities and what they are able to do in the cluster.

2. Practical

Here we have an Ubuntu machine on which the Kubernetes cluster master is enabled.

a. First of all, we log in as the root user.

Figure-1

b. Kubernetes defines default roles that you should consider using before creating your own roles. To list them, we can simply use the command kubectl get clusterroles.

Figure-2

c. With this command, we can see which roles are already predefined by the Kubernetes cluster. Now, let's say we have an application that needs access to pod information; we can use this command.

Figure-3

d. With the cluster role view, you can view the roles of the services currently running in the cluster. Next, we want to create a namespace, cool app, that the application will live in, and then a service account, my app id, in this namespace. So first we create the namespace called cool app; use this command for that.

Figure-4

e. As you can see, the namespace cool app has been created. After that, we need to create a service account named my app id.

Figure-5

f. Now the service account named my app id has also been created. We have established the identity for our application, cool app, so we can define a role that allows only viewing and listing pods in its namespace. To create this role, we can use this command.

Figure-6

g. This command creates a role called pod view, and the resources it applies to are pods. To check whether it has been created successfully, we can use this command.

Figure-7

h. Using pod view, we can check the current number of pods running here; currently no pods are running. The role pod view allows only viewing pods. Next, we need to attach the role pod view to our application, which is represented by the service account my app id, and for that we will use this command.

Figure-8

i. Here we have created a role binding in the namespace cool app, which is the application's namespace, and it is linked to the service account called my app id; you can see that it has been created successfully. To check what is attached to this binding, we can use this command.

Figure-9

j. As you can see, the output shows my pod viewer, and we can check the role, the kind (service account), the name of the service account, which is my app id, and the namespace bound to it, which is cool app. In this way we can define users with their roles and bind those roles to services according to our requirements.
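
Steps b to j written out as kubectl commands, followed by a least-privilege check of the finished binding with `kubectl auth can-i`; this is an added example, not the commands from the original page's figures. Assumptions: the one-word identifiers `coolapp`, `myappid`, `podview` and `mypodviewer`, the `get,list` verbs for "viewing and listing", the use of `describe` for the check steps, and the function names `rbac_setup`, `can_i` and `rbac_verify`.

```shell
#!/bin/sh
# Added example. Identifiers are assumed one-word spellings of the names in the text.
NS=coolapp            # namespace the application lives in
SA=myappid            # service account: the application's identity
ROLE=podview          # namespaced role, read-only on pods
BINDING=mypodviewer   # role binding that attaches ROLE to SA

# Steps b to j in order; stops at the first command that fails.
rbac_setup() {
  kubectl get clusterroles &&           # predefined cluster roles
  kubectl describe clusterrole view &&  # rules of the built-in "view" role
  kubectl create namespace "$NS" &&
  kubectl create serviceaccount "$SA" -n "$NS" &&
  kubectl create role "$ROLE" --verb=get,list --resource=pods -n "$NS" &&
  kubectl describe role "$ROLE" -n "$NS" &&
  kubectl create rolebinding "$BINDING" --role="$ROLE" \
    --serviceaccount="$NS:$SA" -n "$NS" &&
  kubectl describe rolebinding "$BINDING" -n "$NS"
}

# can_i VERB RESOURCE NAMESPACE: print "yes" or "no" for the service account.
# A denial may carry a reason after "no", so keep only the first word.
can_i() {
  kubectl auth can-i "$1" "$2" -n "$3" \
    --as="system:serviceaccount:$NS:$SA" 2>/dev/null | cut -d' ' -f1
}

# Least-privilege check: reads on pods in NS are allowed, nothing else is.
rbac_verify() {
  [ "$(can_i get pods "$NS")" = yes ] &&
  [ "$(can_i list pods "$NS")" = yes ] &&
  [ "$(can_i delete pods "$NS")" = no ] &&
  [ "$(can_i list secrets "$NS")" = no ] &&
  [ "$(can_i list pods default)" = no ]
}

# Nothing runs unless asked: ./rbac.sh setup  or  ./rbac.sh verify
case "${1:-}" in
  setup)  rbac_setup ;;
  verify) rbac_verify && echo "podview grants read-only pod access only" ;;
esac
```

The `verify` step relies on impersonation (`--as`), so the account running it needs permission to impersonate service accounts, which a cluster administrator has.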

Video Tutorial
