Kubernetes Role-Based Access Control (RBAC) is a form of identity and access management (IAM) that involves a set of permissions or template that determines who (subjects) can execute what (verbs), where (namespaces).RBAC is an evolution from the traditional attribute-based access control (ABAC)—which grants access based on user name rather than user responsibilities.

The state of Kubernetes security in 2024

Kubernetes (also known as k8s or kube) is anopen source container orchestration platform thatautomates many of the manual processes involved indeploying,managing, and scaling containerized applications. 

When managed by Kubernetes, Linux containers givemicroservice-based apps an ideal application deployment unit and self-contained execution environment. And because Kubernetes deployments are written inYAML, the code is human-readable.

Roles grant various levels of access topods and nodes. Roles can be authorized to access a specific group ofclusters working together as an application workload (known simply as as roles) or entire clusters (known as cluster roles).

• Roles grant permission to virtually linked groups of clusters known as namespaces. Roles are a type of namespaced resource because user access to a workload is determined by what clusters are included in the specific namespace. Users, groups of users, or service account names can be consolidated into a single role throughrole binding.
• Cluster roles grant permission to entire clusters, which are groups of individual hardware nodes. Cluster roles can span multiple namespaces.Cluster role binding ties a cluster role to every namespace in a cluster. For example, the cluster administrator cluster role name has unfettered access to all clusters.

Role binding and cluster role permissions can be combined and stacked using metadata. This grants permissions defined in a cluster role to resources inside the role binding's namespace—helping define common roles across a cluster that can be reused across multiple namespaces.

The Kubernetesapplication programming interface (API) is the front end of the Kubernetes control plane. TheKubernetes API communicates interactions with a computer or system to retrieve information or perform afunction. 

Kubernetes RBAC collects related function requests into API groups, which communicate with API servers when connecting certain roles to API endpoints.

For more information on using Kubernetes RBAC—including Kubernetes documentation, rbac.authorization.k8s.io authentication, the kubectl command line tool, add-ons, kubelet TLS bootstrapping, and setting up network policies, visitthe open source project's RBAC docs.

Red Hat was one of the first companies to work with Kubernetes’ creator—Google—on the project even prior to launch. Since then, it has become the 2nd leading contributor to the Kubernetes upstream project and became one of the first to market with an enterprise Kubernetes platform. 

Red Hat® OpenShift® is Kubernetes for the enterprise, including all the extra pieces of technology that make Kubernetes more powerful and viable. These components include networking, authentication, monitoring,security, and automation, among others. 

Unlike other vendor platforms that require proprietary components—as well as complex processes—Red Hat OpenShift is a single, integrated platform for operations and development teams, validating popularstorage and networking plug-ins for Kubernetes and including built-in monitoring, logging, and analytics solutions.

• Blog post

  Reduce risk in Kubernetes: How to separate admin roles for safer, compliant operations

• Checklist

  5 benefits of Red Hat Enterprise Linux for Microsoft Azure

• Case study

  Meet the 7 customers innovating with Red Hat technologies

• Case study

  Optimizing container-based development and VM provisioning

• What is a Linux container?
• What is container orchestration?
• Stateful vs stateless applications
• What is Kubernetes?
• Red Hat OpenShift on VMware
• What is KubeVirt?
• Why use Red Hat Ansible Automation Platform with Red Hat OpenShift?
• What is Podman Desktop?
• What is Podman?
• What is the Kubernetes Java client?
• What are hosted control planes?
• What is kubernetes security?
• Red Hat OpenShift for developers
• Containers vs VMs
• Edge computing with Red Hat OpenShift
• How Kubernetes can help AI/ML
• What is Kubeflow?
• What are microservices?
• OpenShift vs. OpenStack: What are the differences?
• What is container security?
• What are sandboxed containers
• what is Buildah?
• Kubernetes vs OpenStack
• What are validated patterns?
• Kubernetes on AWS: Self-Managed vs. Managed Applications Platforms
• What is an image builder?
• Red Hat OpenShift vs. OKD
• Red Hat OpenShift vs. Kubernetes: What's the difference?
• Spring on Kubernetes with Red Hat OpenShift
• What is high availability and disaster recovery for containers?
• Why run Apache Kafka on Kubernetes?
• What is a golden image?
• What are Red Hat OpenShift cloud services?
• VNF and CNF, what’s the difference?
• What is a container registry?
• What is Skopeo?
• What are Red Hat OpenShift Operators?
• Using Helm with Red Hat OpenShift
• Kubernetes security best practices
• Orchestrating Windows containers on Red Hat OpenShift
• What is a Kubernetes operator?
• High performance computing with Red Hat OpenShift
• Advantages of Kubernetes-native security
• What is KubeLinter?
• Intro to Kubernetes security
• Container and Kubernetes compliance considerations
• How microservices support IT integration in healthcare
• Kubernetes cluster management
• Red Hat OpenShift on IBM IT infrastructure
• Red Hat OpenShift for business leaders
• How to deploy Red Hat OpenShift
• Cost management for Kubernetes on Red Hat OpenShift
• What is enterprise Kubernetes?
• What makes Red Hat OpenShift the right choice for IT operations?
• What makes Red Hat OpenShift the right choice for SAP?
• Why choose Red Hat for Kubernetes?
• Kubernetes-native Java development with Quarkus
• What is containerization?
• What was CoreOS and CoreOS container Linux
• Learning Kubernetes basics
• What is service-oriented architecture?
• What is the Kubernetes API?
• What is Kubernetes cluster management?
• What is a Kubernetes deployment?
• Why choose the Red Hat build of Quarkus?
• Introduction to Kubernetes architecture
• What is CaaS?
• Introduction to Kubernetes patterns
• What is a Kubernetes cluster?
• What is Quarkus?
• What is Jaeger?
• What is Knative?
• What is etcd?
• What is container-native virtualization?
• What is Clair?
• Why choose Red Hat for microservices?
• Why choose Red Hat for containers?
• What is Docker?
• What is a Kubernetes pod?