What is RBAC in Kubernetes?

4 min readNov 8, 2019

RBAC stands for Role-Based Access Control. It is an approach that is used for restricting access to users and applications on the system/network. RBAC is used by Kubernetes for authorization, for example giving access to a user, adding/removing permissions and setting up rules, etc. So basically, it adds security to a Kubernetes cluster. RBAC in Kubernetes is the way that you restrict who can access what within the cluster.

Why RBAC?

Let’s see why you’re interested in Access Control. Well obviously, you have multiple people on your teams and they’re accessing your Kubernetes cluster. Each of them needs to have some amount of security from one another. There could be cases, where a member in your team is interfering with the other members, work accidentally, for example, one developer might accidentally delete someone else’s work or gain visibility into a secret project that’s being developed. In such cases, having Role-Based Access Control is mandatory.

When you think about the differences between developers and operators cluster administrators, it becomes even more clear that there are different capabilities that they need to be associated with different types of roles within a Kubernetes cluster. That is where the notion of RBAC or Role-Based Access Control comes into play.

RBAC got introduced from Kubernetes 1.8, it uses rbac.authorization.k8s.io API group for creating authorization policies. To enable RBAC manually for a Kubernetes cluster you need to start the cluster with the flag — authorization-mode=RBAC

By default, RBAC is enabled in Kubernetes. RBAC in Kubernetes infrastructure is implemented through Role, ClusterRole, RoleBinding, and ClusterRoleBinding. Let me tell you what they are with examples.

Role

Role in Kubernetes Role-Based Access Control defines a notion of a verb like get or list and a set of nouns like pod volumes etc. So, a role defines what you can do to a set of resources. It contains a set of rules which define a set of permission.

I encourage people to check out all the different roles that are predefined inside of Kubernetes. There’s a lot of them that can give you an idea and you can even use to build up your own sort of access control and take a deep look into…

What is RBAC in Kubernetes?

Why RBAC?

Role

Written by Daniel Chernenkov

More from Daniel Chernenkov

The Kubernetes Operator Pattern

Kubernetes Operator is a powerful tool for managing and scaling applications on the Kubernetes platform. It allows developers to easily…

Training models with Kubernetes & Kubeflow

If you’ve been following the tech news, it’s a little hard to miss the buzz around Kubernetes and Kubeflow. In this short guide, we are…

The FHIR Protocol

Fast Healthcare Interoperability Resources (FHIR) for Health Care technology providers.

Introduction to CQRS — In Microservices

Are you dealing with an application that involves complex business logic?

Recommended from Medium

Autoscaling Pods in Kubernetes based on Http requests

Autoscaling Pods is a fundamental feature in Kubernetes to adjust the resource limits based on the usage or changing workload of Pods to…

Generate Kubernetes Manifests with Helm Charts using Kustomize

In the world of Kubernetes, there’s a common question: “Should I pick Helm or Kustomize?” 🤔 It’s like choosing between two powerful tools…

Lists

Now in AI: Handpicked by Better Programming

Natural Language Processing

Deploy Prometheus and Grafana into your Kubernetes Cluster easily

Need to monitor your Kubernetes applications quickly? Need Grafana integrated to show you stunning metrics from Prometheus? This is for…

Kubernetes notifications with BotKube

With the increasing complexity of Kubernetes clusters, it is crucial to stay on top of the health, performance and security of your…

Kube-Proxy: What is it and How it Works

Introduction

Understanding Different Types of Services in Kubernetes

From ClusterIP, Nodeport to Load Balancer