Securing your Kubernetes cluster is one thing; keeping it secure is a continuous uphill struggle. However, with the introduction of new features to Kubernetes, it is becoming much easier to do both.
Kubernetes (as of version 1.6) has introduced Role-Based Access Control (RBAC), which allows administrators to define policies that restrict the actions of users of your cluster. This means it is possible to create a user with limited access, for example by restricting that user's access to resources such as Secrets, or by limiting the user to a specific Namespace.
This blog post will not look at how to implement RBAC, as there are many decent sources of information that cover it in vast detail:
- https://medium.com/containerum/configuring-permissions-in-kubernetes-with-rbac-a456a9717d5d
- https://www.cncf.io/blog/2018/08/01/demystifying-rbac-in-kubernetes/
- https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
- https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Instead, this post will focus on how to ensure your business’s compliance requirements are actually being adhered to: we need to test the RBAC objects we apply, to ensure they do what we intend them to do.
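As an added example that is not from the original post, the following is a small offline model of how namespaced RBAC is evaluated, used to assert that a Role and RoleBinding grant exactly what we intend (read Pods in one Namespace, never Secrets). The manifests, the user name `dev-user` and the Namespaces are constructed for illustration; the evaluator mirrors the additive, no-deny semantics of Role/RoleBinding for User subjects but is a simplified stand-in for running `kubectl auth can-i --as` against a live cluster.

```python
"""Offline check of namespaced Kubernetes RBAC objects: does a user get a verb on a resource?"""

# Constructed sample manifests (YAML already parsed to dicts): a Role that allows reading
# Pods but not Secrets in the "dev" Namespace, bound to the user "dev-user".
ROLE = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "dev"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]}],
}
ROLE_BINDING = {
    "kind": "RoleBinding",
    "metadata": {"name": "dev-user-pod-reader", "namespace": "dev"},
    "subjects": [{"kind": "User", "name": "dev-user"}],
    "roleRef": {"kind": "Role", "name": "pod-reader"},
}

def _matches(rule_values, value):
    # RBAC list fields match by exact name or the "*" wildcard; rules are purely additive.
    return "*" in rule_values or value in rule_values

def rule_allows(rule, api_group, resource, verb):
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb))

def can_i(user, verb, resource, namespace, roles, bindings, api_group=""):
    """True if a RoleBinding in `namespace` naming `user` references a Role in the same
    Namespace whose rules grant `verb` on `resource`. There is no deny rule in RBAC:
    anything not explicitly granted is refused. ClusterRole references are out of scope."""
    roles_by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    for b in bindings:
        if b["metadata"]["namespace"] != namespace or b["roleRef"]["kind"] != "Role":
            continue
        if not any(s["kind"] == "User" and s["name"] == user for s in b["subjects"]):
            continue
        role = roles_by_key.get((namespace, b["roleRef"]["name"]))
        if role and any(rule_allows(r, api_group, resource, verb) for r in role["rules"]):
            return True
    return False

EXPECTATIONS = [  # (verb, resource, namespace, expected outcome) for dev-user
    ("get", "pods", "dev", True),
    ("get", "secrets", "dev", False),  # Secrets must stay out of reach
    ("delete", "pods", "dev", False),  # read-only, so no delete
    ("get", "pods", "prod", False),    # the binding is scoped to the dev Namespace
]

def run_checks(user="dev-user"):
    """Compare every expectation against the evaluator; return the mismatches (empty = pass)."""
    return [(v, r, ns) for v, r, ns, want in EXPECTATIONS
            if can_i(user, v, r, ns, [ROLE], [ROLE_BINDING]) != want]

if __name__ == "__main__":
    failures = run_checks()
    print("all RBAC expectations hold" if not failures else f"mismatches: {failures}")
```

The same expectation table can be replayed against a real cluster with `kubectl auth can-i <verb> <resource> --as=dev-user -n <namespace>`, which exercises the API server's own evaluator rather than this model.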
Read more at Medium