In Chapter 3 you learned about the most important features of Portainer with regard to the challenges of cloud native architecture. In this chapter I will outline specific use cases built upon the aforementioned features that you can incorporate into your own infrastructure and workflows. You will learn how to give your team tiered access to resources in your managed Kubernetes clusters, deploy complex applications to them, and manage them with external tooling like kubectl, k9s, or Lens.
Managing Access to Kubernetes with RBAC
RBAC is short for role-based access control, a widely used mechanism to restrict systems access to authorized users. This is done by defining roles with specific privileges and assigning them to users or groups of users, as shown in Figure 4-1.
Portainer’s built-in roles map to cluster roles and namespace roles inside a Kubernetes cluster. Each role gives access to certain resources and the respective actions (or “verbs,” as they are called in Kubernetes) like get, create,or delete that are available for these resources inside the cluster.
You can learn more about the Portainer roles mapped to Kubernetes roles in the official documentation.
Figure 4-1. Overview of Portainer’s RBAC features
Roles can be assigned to teams or users in each environment, as shown in Figure 4-2. Users of a team inherit the roles of their team. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
