Kubernetes illustration
Jump to section

What is Kubernetes role-based access control (RBAC)?

Copy URL

Kubernetes Role-Based Access Control (RBAC) is a form of identity and access management (IAM) that involves a set of permissions or template that determines who (subjects) can execute what (verbs), where (namespaces). RBAC is an evolution from the traditional attribute-based access control (ABAC)—which grants access based on user name rather than user responsibilities.

The state of Kubernetes security in 2024

Kubernetes (also known as k8s or kube) is an open source container orchestration platform that automates many of the manual processes involved in deploying, managing, and scaling containerized applications. 

When managed by Kubernetes, Linux containers give microservice-based apps an ideal application deployment unit and self-contained execution environment. And because Kubernetes deployments are written in YAML, the code is human-readable.

Roles grant various levels of access to pods and nodes. Roles can be authorized to access a specific group of clusters working together as an application workload (known simply as as roles) or entire clusters (known as cluster roles).

  • Roles grant permission to virtually linked groups of clusters known as namespaces. Roles are a type of namespaced resource because user access to a workload is determined by what clusters are included in the specific namespace. Users, groups of users, or service account names can be consolidated into a single role through role binding.
  • Cluster roles grant permission to entire clusters, which are groups of individual hardware nodes. Cluster roles can span multiple namespaces. Cluster role binding ties a cluster role to every namespace in a cluster. For example, the cluster administrator cluster role name has unfettered access to all clusters.

Role binding and cluster role permissions can be combined and stacked using metadata. This grants permissions defined in a cluster role to resources inside the role binding's namespace—helping define common roles across a cluster that can be reused across multiple namespaces.

The Kubernetes application programming interface (API) is the front end of the Kubernetes control plane. The Kubernetes API communicates interactions with a computer or system to retrieve information or perform a function

Kubernetes RBAC collects related function requests into API groups, which communicate with API servers when connecting certain roles to API endpoints.

For more information on using Kubernetes RBAC—including Kubernetes documentation, rbac.authorization.k8s.io authentication, the kubectl command line tool, add-ons, kubelet TLS bootstrapping, and setting up network policies, visit the open source project's RBAC docs.

Red Hat was one of the first companies to work with Kubernetes’ creator—Google—on the project even prior to launch. Since then, it has become the 2nd leading contributor to the Kubernetes upstream project and became one of the first to market with an enterprise Kubernetes platform. 

Red Hat® OpenShift® is Kubernetes for the enterprise, including all the extra pieces of technology that make Kubernetes more powerful and viable. These components include networking, authentication, monitoring, security, and automation, among others. 

Unlike other vendor platforms that require proprietary components—as well as complex processes—Red Hat OpenShift is a single, integrated platform for operations and development teams, validating popular storage and networking plug-ins for Kubernetes and including built-in monitoring, logging, and analytics solutions.

Building on a foundation of OpenShift, you can use Red Hat Advanced Cluster Management and Red Hat Ansible® Automation Platform together to efficiently deploy and manage multiple Kubernetes clusters across environments.

Keep reading

Article

What's a Linux container?

A Linux container is a set of processes isolated from the system, running from a distinct image that provides all the files necessary to support the processes.

Article

Containers vs VMs

Linux containers and virtual machines (VMs) are packaged computing environments that combine various IT components and isolate them from the rest of the system.

Article

What is container orchestration?

Container orchestration automates the deployment, management, scaling, and networking of containers.

More about containers

Products

An enterprise application platform with a unified set of tested services for bringing apps to market on your choice of infrastructure.

Resources

Podcast

Command Line Heroes Season 1, Episode 5:
"The Containers Derby"

E-Book

Boost agility with hybrid cloud and containers

Training

Free training course

Running Containers with Red Hat Technical Overview

Free training course

Containers, Kubernetes and Red Hat OpenShift Technical Overview

Free training course

Developing Cloud-Native Applications with Microservices Architectures