What is Kubernetes role-based access control (RBAC)?

Kubernetes Role-Based Access Control (RBAC) is a form of identity and access management (IAM) that involves a set of permissions, or a template, that determines who (subjects) can execute what (verbs), where (namespaces). RBAC is an evolution from the traditional attribute-based access control (ABAC)—which grants access based on user name rather than user responsibilities.

Kubernetes (also known as k8s or kube) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications. 

When managed by Kubernetes, Linux containers give microservice-based apps an ideal application deployment unit and self-contained execution environment. And because Kubernetes deployments are written in YAML, the code is human-readable.

Roles grant various levels of access to pods and nodes. Roles can be authorized to access a specific group of clusters working together as an application workload (known simply as roles) or entire clusters (known as cluster roles).

  • Roles grant permission to virtually linked groups of clusters known as namespaces. Roles are a type of namespaced resource because user access to a workload is determined by what clusters are included in the specific namespace. Users, groups of users, or service account names can be consolidated into a single role through role binding.
  • Cluster roles grant permission to entire clusters, which are groups of individual hardware nodes. Cluster roles can span multiple namespaces. Cluster role binding ties a cluster role to every namespace in a cluster. For example, the cluster administrator cluster role has unfettered access to all clusters.

Role binding and cluster role permissions can be combined and stacked using metadata. This grants permissions defined in a cluster role to resources inside the role binding's namespace—helping define common roles across a cluster that can be reused across multiple namespaces.
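As an added example (not from the Red Hat page), the stacking described above expressed as manifests: one cluster role reused inside a single namespace through a role binding, with a cluster role binding shown as the cluster-wide alternative. The namespace `dev`, service account `ci-deployer` and role name `deployment-manager` are assumed.

```yaml
# Added example; names (dev, ci-deployer, deployment-manager) are assumed.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole                 # cluster-scoped template; grants nothing until bound
metadata:
  name: deployment-manager
rules:
- apiGroups: ["apps"]             # the API group that owns Deployments
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding                 # namespaced: the permissions apply only in "dev"
metadata:
  name: ci-deploys
  namespace: dev
subjects:
- kind: ServiceAccount
  name: ci-deployer
  namespace: dev
roleRef:
  kind: ClusterRole               # reuse the cluster-wide template...
  name: deployment-manager        # ...scoped to this namespace by the binding
  apiGroup: rbac.authorization.k8s.io
---
# Alternative, not to be applied alongside the RoleBinding above: binding the
# same ClusterRole with a ClusterRoleBinding grants Deployment access in every
# namespace, so use it only when cluster-wide access is actually intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ci-deploys-everywhere
subjects:
- kind: ServiceAccount
  name: ci-deployer
  namespace: dev
roleRef:
  kind: ClusterRole
  name: deployment-manager
  apiGroup: rbac.authorization.k8s.io
```

To verify the effective scope after applying the first two manifests, `kubectl auth can-i update deployments -n dev --as=system:serviceaccount:dev:ci-deployer` answers yes, while the same question with `-n` pointing at any other namespace answers no.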

The Kubernetes application programming interface (API) is the front end of the Kubernetes control plane. The Kubernetes API communicates interactions with a computer or system to retrieve information or perform a function.

Kubernetes RBAC collects related function requests into API groups, which communicate with API servers when connecting certain roles to API endpoints.

For more information on using Kubernetes RBAC—including Kubernetes documentation, rbac.authorization.k8s.io authentication, the kubectl command line tool, add-ons, kubelet TLS bootstrapping, and setting up network policies, visit the open source project's RBAC docs.

Red Hat was one of the first companies to work with Kubernetes’ creator—Google—on the project even prior to launch. Since then, it has become the 2nd leading contributor to the Kubernetes upstream project and became one of the first to market with an enterprise Kubernetes platform. 

Red Hat® OpenShift® is Kubernetes for the enterprise, including all the extra pieces of technology that make Kubernetes more powerful and viable. These components include networking, authentication, monitoring, security, and automation, among others. 

Unlike other vendor platforms that require proprietary components—as well as complex processes—Red Hat OpenShift is a single, integrated platform for operations and development teams, validating popular storage and networking plug-ins for Kubernetes and including built-in monitoring, logging, and analytics solutions.