Role based access control

# Following is my role.yaml file

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dev-role
  namespace: development
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "update", "list"]

# This is my role binding yaml file

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dev-DevUser
  namespace: development
subjects:
- kind: User
  name: DevUser
  apiGroup: ""
roleRef:
  kind: Role
  name: dev-role
  apiGroup: ""

Role binding will allow user “DevUser” to read all the pods in the “development” namespace.

Q) Suppose I have three Pods (P1, P2, P3) running in the development namespace, how can I give permission to the User to access only two particular pods (P1 and P2) and deny access to the third pod?

Also, is there any use case for the above? If any, kindly mention it.

Thank you,
Deepak

is very old and probably does not work in current versions of K8s. You want to use rbac.authorization.k8s.io/v1 instead.

As for your question: You can further restrict the role by actually naming the resourceNames of the pods you want the grant to apply to.

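The resourceNames restriction suggested in the answer, written out against rbac.authorization.k8s.io/v1 as an added example (not code from either poster). The lowercase pod names p1 and p2 are assumed stand-ins for P1 and P2, since pod names must be lowercase; the other names are taken from the question.

```yaml
# Added example. Assumption: the pods are literally named "p1" and "p2".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-role
  namespace: development
rules:
- apiGroups: [""]              # "" is the core API group, where pods live
  resources: ["pods"]
  resourceNames: ["p1", "p2"]  # the rule matches only objects with these names
  verbs: ["get", "update"]
  # "list" is left out on purpose: a list of all pods has no object name,
  # so a resourceNames rule only authorizes list/watch requests that carry
  # a metadata.name field selector matching one of the names above.
  # "create" and "deletecollection" cannot be limited by resourceNames.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-DevUser
  namespace: development
subjects:
- kind: User
  name: DevUser
  apiGroup: rbac.authorization.k8s.io  # v1 expects the RBAC group for User subjects
roleRef:
  kind: Role
  name: dev-role
  apiGroup: rbac.authorization.k8s.io  # must be the RBAC group in v1
# RBAC has no deny rules: access to the third pod is refused only because
# nothing grants it. Any other Role or ClusterRole bound to DevUser that
# covers pods in this namespace would widen access again.
#
# Checks to run as a cluster admin after applying both objects:
#   kubectl auth can-i get pod/p1 --as DevUser -n development
#   kubectl auth can-i get pod/p3 --as DevUser -n development
#   kubectl auth can-i list pods --as DevUser -n development
```

Because the grant is tied to exact object names, it suits fixed-name pods such as bare pods or StatefulSet replicas; pods created by a Deployment get generated names, so the rule would stop matching after a rollout.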