DevOps in K8s — RBAC, Part One
Note: the full “DevOps in K8s” mind map is available at “DevOps in K8s Mind Map”.
We know that K8s represents all resource objects as API objects that support CRUD (Create, Read, Update, Delete, …) operations, which means that resources such as the following can be created, deleted, updated, or read through the API:
At a higher level, API groups are associated with these resources in K8s, with Pods belonging to the Core API group, and Deployments belonging to the apps API group. When using RBAC to manage permissions for K8s resources, we need to understand a few other concepts in addition to the resources and operations mentioned above.
RBAC Concepts
Rule
In K8s RBAC, a rule is a set of permissions that are granted to a user or group to perform certain actions on resources. A rule consists of a verb, a resource, and a namespace, which together specify the allowed action, the target resource, and the namespace in which the resource resides.
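A rule as it appears in a Role manifest, shown here as an added example that is not from the original article; the namespace `dev`, the names `app-reader` and `app-reader-binding`, and the user `jane` are assumptions. In the manifest, each rule entry carries the API group, resources and verbs, while the namespace comes from the metadata of the Role that holds the rule.

```yaml
# Added example, not from the original article. The names dev, app-reader,
# app-reader-binding and jane are assumptions chosen for illustration.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-reader
  namespace: dev              # the rules below apply only inside this namespace
rules:
  # Pods belong to the core API group, which is written as the empty string.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]     # read-only; no create, update or delete
  # Deployments belong to the apps API group.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "update"]
---
# A Role grants nothing by itself; a RoleBinding attaches it to a user or group.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-reader-binding
  namespace: dev              # must be the namespace of the Role it references
subjects:
  - kind: User
    name: jane
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-reader
  apiGroup: rbac.authorization.k8s.io
```

After applying the manifest, `kubectl auth can-i list pods --namespace dev --as jane` is a quick way to check what the binding grants, and repeating it with a verb or namespace that is not listed confirms that RBAC denies everything not explicitly allowed.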