What is RBAC in Kubernetes?

4 min readNov 8, 2019

RBAC stands for Role-Based Access Control. It is an approach that is used for restricting access to users and applications on the system/network. RBAC is used by Kubernetes for authorization, for example giving access to a user, adding/removing permissions and setting up rules, etc. So basically, it adds security to a Kubernetes cluster. RBAC in Kubernetes is the way that you restrict who can access what within the cluster.

Why RBAC?

Let’s see why you’re interested in Access Control. Well obviously, you have multiple people on your teams and they’re accessing your Kubernetes cluster. Each of them needs to have some amount of security from one another. There could be cases, where a member in your team is interfering with the other members, work accidentally, for example, one developer might accidentally delete someone else’s work or gain visibility into a secret project that’s being developed. In such cases, having Role-Based Access Control is mandatory.

When you think about the differences between developers and operators cluster administrators, it becomes even more clear that there are different capabilities that they need to be associated with different types of roles within a Kubernetes cluster. That is where the notion of RBAC or Role-Based Access Control comes into play.

RBAC got introduced from Kubernetes 1.8, it uses rbac.authorization.k8s.io API group for creating authorization policies. To enable RBAC manually for a Kubernetes cluster you need to start the cluster with the flag — authorization-mode=RBAC

By default, RBAC is enabled in Kubernetes. RBAC in Kubernetes infrastructure is implemented through Role, ClusterRole, RoleBinding, and ClusterRoleBinding. Let me tell you what they are with examples.

Role

Role in Kubernetes Role-Based Access Control defines a notion of a verb like get or list and a set of nouns like pod volumes etc. So, a role defines what you can do to a set of resources. It contains a set of rules which define a set of permission.

I encourage people to check out all the different roles that are predefined inside of Kubernetes. There’s a lot of them that can give you an idea and you can even use to build up your own sort of access control and take a deep look into…

What is RBAC in Kubernetes?

Why RBAC?

Role

Written by Daniel Chernenkov

More from Daniel Chernenkov

The Kubernetes Operator Pattern

Kubernetes Operator is a powerful tool for managing and scaling applications on the Kubernetes platform. It allows developers to easily…

The FHIR Protocol

Fast Healthcare Interoperability Resources (FHIR) for Health Care technology providers.

Introduction to CQRS — In Microservices

Are you dealing with an application that involves complex business logic?

Training models with Kubernetes & Kubeflow

If you’ve been following the tech news, it’s a little hard to miss the buzz around Kubernetes and Kubeflow. In this short guide, we are…

Recommended from Medium

A Step-by-Step Guide to Creating Users in Kubernetes

Before we begin, ensuring that the secret file names match the user’s name will save your time a lot. e.g john.key john.csr john.crt…

Kube-Armor: A Cluster Knight.

In this article, we will be discussing an open-source cloud-native tool called the KubeArmor.

Lists

Natural Language Processing

3 years managing Kubernetes clusters, my 10 lessons.

Over the past three years, I’ve navigated the sometimes turbulent waters of managing Kubernetes clusters. This journey, filled with…

2023 DevOps is terrible.

My analysis of modern DevOps evolution into Platform Engineering. Just a new trend or a revolution in the IT industry?

Kubernetes: ensuring High Availability for Pods

Setting up High Availability for Kubernetes Pods with Deployment replicas, Pod Topology Spread Constraints, PodDisruptionBudget and…

Be quick with Kubernetes

While I’m writing this, I’m studying for the Certified Kubernetes Application Developer (CKAD) certification. The exam for this…