Kubernetes Security and RBAC
API Access Control
Every request to the Kubernetes API server passes through three stages in order; a request that fails any stage is rejected:
- Authentication: Establishes the identity of the caller (a user, group, or service account) from the credential presented, such as a client certificate or bearer token.
- Authorization: Determines whether that identity is permitted to perform the requested verb on the requested resource; RBAC is the usual authorizer.
- Admission Control: Runs only for requests that create, modify, or delete objects, never for reads. Mutating admission controllers may alter the object first; validating controllers then accept or reject it before it is persisted.
Role-Based Access Control (RBAC)
RBAC regulates access to API resources according to roles assigned to users, groups, and service accounts. Permissions are purely additive: a rule can only allow an action, never deny one, so a subject's effective permissions are the union of every role bound to it.
- Role / ClusterRole: Contains rules, each pairing API groups and resources with allowed verbs (get, list, watch, create, update, patch, delete). A Role is scoped to one namespace; a ClusterRole is cluster-wide and can also cover non-namespaced resources such as nodes and non-resource URLs.
- RoleBinding / ClusterRoleBinding: Grants the permissions defined in a role to a set of subjects. A RoleBinding grants them within one namespace and may reference a ClusterRole, which reuses that rule set while restricting it to the binding's namespace; a ClusterRoleBinding grants a ClusterRole across the whole cluster.
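As an added example (not part of the original page), the manifests below grant a service account read-only access to Pods and their logs in a single namespace, which is the least-privilege shape a log collector needs. The namespace `payments` and the names `log-collector` and `pod-log-reader` are assumptions chosen for illustration.

```yaml
# Added example, not from the original page: least-privilege RBAC for a
# log-collector ServiceAccount in the "payments" namespace. Namespace and
# object names are assumptions chosen for illustration.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-collector
  namespace: payments
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-log-reader
  namespace: payments
rules:
  # Read-only access to Pods: no create/update/delete, and no exec,
  # which would require the "pods/exec" subresource.
  - apiGroups: [""]            # "" is the core API group
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  # Logs are a subresource and must be granted explicitly; "pods" alone
  # does not cover them.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-collector-reads-pods
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: log-collector
    namespace: payments
roleRef:
  # A RoleBinding may instead reference kind: ClusterRole here; the grant
  # still applies only inside the "payments" namespace.
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
```

After applying, confirm the effective permissions by impersonating the service account: `kubectl auth can-i get pods --subresource=log -n payments --as=system:serviceaccount:payments:log-collector` should answer `yes`, while `kubectl auth can-i delete pods -n payments --as=system:serviceaccount:payments:log-collector` should answer `no`. Avoid `resources: ["*"]` or `verbs: ["*"]` in a Role unless the subject genuinely needs everything; wildcards silently include future resources and subresources.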
Network Policies
NetworkPolicies are an application-centric construct that specify how a pod is allowed to communicate with other pods, namespaces, and IP blocks over the network; they act as a firewall at the pod level. By default pods are non-isolated and accept all traffic. Once any policy selects a pod for a direction (ingress or egress), only traffic matched by some policy's rules in that direction is allowed; rules are additive and there is no deny rule. Policies are enforced by the cluster's network plugin, so on a CNI plugin without NetworkPolicy support a policy is accepted by the API server but has no effect.