July 2019
Intermediate to advanced
502 pages
14h
English
Content preview from Hands-On Microservices with Kubernetes
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Managing permissions with RBAC
RBAC is a mechanism that's used to manage access to Kubernetes resources. With effect from Kubernetes 1.8, RBAC is considered stable. Start the API server with --authorization-mode=RBAC to enable it. RBAC works as follows when a request to the API server comes in:
- First, it authenticates the request via the user credentials or service account credentials of the caller (returns 401 unauthorized if it fails).
- Next, it checks the RBAC policies to verify whether the requester is authorized to perform the operation on the target resource (returns 403 forbidden if it fails).
- Finally, it runs through an admission controller that may reject or modify the request for various reasons.
The RBAC model consists of identities ...