[Kubernetes (K8S) Examples] BRAC Authorization examples about Kubernetes (K8S) Pods

BRAC Authorization examples

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.

pods

Basic Authorization

1
2
3
4
5
6
7
8
9
10
11
---
apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
Kind: Role
metadata:
name: role-name
# namespace: default
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]

pods/log

1
2
3
- apiGroups: [""]
resources: [pods/log]
verbs: ["get", "list", "create"]

pods/portforward

1
2
3
- apiGroups: [""]
resources: [pods/portforward]
verbs: ["get", "list", "create"]

pods/exec

1
2
3
4
# pods/exec
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create"]

See how to control access for pods/exec only in kubernetes rbac without pods create binded? - Stack Overflow - https://stackoverflow.com/questions/47468369/how-to-control-access-for-pods-exec-only-in-kubernetes-rbac-without-pods-create to learn more.

References

[1] Using RBAC Authorization | Kubernetes - https://kubernetes.io/docs/reference/access-authn-authz/rbac/