Authorization (RBAC)

Learn about authorization in Kubernetes.

Authorization happens immediately after successful authentication, and we’ll sometimes see it shortened to authZ (pronounced “auth zee”).

Kubernetes authorization is pluggable, and we can run multiple authZ modules on a single cluster. However, most clusters use RBAC. If a cluster has multiple authorization modules, as soon as any module authorizes a request, the request moves immediately to admission control.

RBAC big picture

The most common authorization module is RBAC (Role-Based Access Control). At the highest level, RBAC is about three things:

  1. Users

  2. Actions

  3. Resources

In other words, RBAC defines which users can perform which actions against which resources.
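These three elements map directly onto RBAC objects. The manifest below is an added example, not part of the original page: a Role names the resources and the actions, and a RoleBinding attaches that Role to a user. The namespace `shield`, the user `sky`, and the object names are hypothetical.

```yaml
# Role: lists the RESOURCES and the ACTIONS (verbs) allowed on them.
# RBAC rules are additive and there are no deny rules; anything not
# listed here stays denied.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: shield            # hypothetical namespace; a Role is namespaced
  name: read-deployments       # hypothetical name
rules:
- apiGroups: ["apps"]          # Deployments live in the "apps" API group
  resources: ["deployments"]   # RESOURCES
  verbs: ["get", "list", "watch"]   # ACTIONS (read-only)
---
# RoleBinding: names the USERS (subjects) who receive the Role above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: shield
  name: read-deployments       # hypothetical name
subjects:
- kind: User
  name: sky                    # USER; hypothetical, must match the authenticated username
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: read-deployments       # must match the Role's metadata.name
  apiGroup: rbac.authorization.k8s.io
```

After applying it, `kubectl auth can-i list deployments --namespace shield --as sky` should answer `yes`, while the same check with `delete` should answer `no`.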

The following table shows a few examples.
