{"id":1841,"date":"2021-12-13T13:03:56","date_gmt":"2021-12-13T13:03:56","guid":{"rendered":"https:\/\/blog.samarthya.me\/wps\/?p=1841"},"modified":"2021-12-27T06:51:54","modified_gmt":"2021-12-27T06:51:54","slug":"k8s-rbac","status":"publish","type":"post","link":"https:\/\/blog.samarthya.me\/wps\/2021\/12\/13\/k8s-rbac\/","title":{"rendered":"K8S RBAC"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What?<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Role-Based Access Control (RBAC) is a way of regulating access to entities like storage, network, etc.<\/li><li>RBAC authorization uses the <code>rbac.authorization.k8s.io<\/code> API group.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">API Objects<\/h2>\n\n\n\n<p>There are 4 kinds of Kubernetes object: Role, ClusterRole, RoleBinding and ClusterRoleBinding.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-background has-luminous-vivid-orange-background-color is-style-solid-color\"><blockquote class=\"has-text-color has-white-color\"><p>Permissions are always additive.<\/p><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Role <\/h3>\n\n\n\n<p>A Role allows you to set permissions within a particular namespace. <\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-background is-style-solid-color\" style=\"background-color:#0693e3\"><blockquote class=\"has-text-color has-white-color\"><p>When you define a Role, you must specify the namespace it belongs to.<\/p><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">ClusterRole<\/h3>\n\n\n\n<p>A ClusterRole can be used to grant the same permissions as a Role. 
It is a non-namespaced resource and has several uses:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Define permissions on namespaced resources and be granted within individual namespace(s)<\/li><li>Define permissions on namespaced resources and be granted across all namespaces<\/li><li>Define permissions on cluster-scoped resources<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">RoleBinding<\/h3>\n\n\n\n<p>A role binding grants the permissions defined in a <code>role<\/code> to a user or set of users. It holds a list of <em>subjects<\/em> (users, groups, or service accounts), and a reference to the role being granted. <\/p>\n\n\n\n<p>A RoleBinding grants permissions within a <strong>specific namespace<\/strong>, whereas a ClusterRoleBinding grants that access cluster-wide.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote has-background is-style-solid-color\" style=\"background-color:#ff6900\"><blockquote class=\"has-text-color has-white-color\"><p>The name of a RoleBinding or ClusterRoleBinding object must be a valid <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/working-with-objects\/names#path-segment-names\">path segment name<\/a>.<\/p><cite>Official API documentation<\/cite><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">ClusterRoleBinding<\/h3>\n\n\n\n<p>To grant permissions across a whole cluster, you can use a ClusterRoleBinding.<\/p>\n\n\n\n<p class=\"has-drop-cap has-vivid-red-background-color has-background has-normal-font-size\">After you create a binding, you cannot change the Role or ClusterRole that it refers to. If you try to change a binding&#8217;s <code>roleRef<\/code>, you get a validation error. If you do want to change the <code>roleRef<\/code> for a binding, you need to remove the binding object and create a replacement.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What? Role-Based Access Control (RBAC) is a way of regulating access to entities like storage, network, etc. 
RBAC authorization uses the rbac.authorization.k8s.io API group. API Objects There are 4 kinds of Kubernetes object Permissions are always additive. Role A Role allows you to set permissions within a particular namespace. When you define a Role, you must [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1467,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[195,34],"tags":[18,210],"class_list":["post-1841","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes","category-technical","tag-k8s","tag-rbac"],"_links":{"self":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/1841","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/comments?post=1841"}],"version-history":[{"count":0,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/posts\/1841\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/media\/1467"}],"wp:attachment":[{"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/media?parent=1841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/categories?post=1841"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.samarthya.me\/wps\/wp-json\/wp\/v2\/tags?post=1841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}