BobCoder
Reputation: 823
Restricted Kubernetes Service account
I want to create a service account which should have 0 access of k8s api. Is it possible to create such account ? What will be role definition?
Upvotes: 0
Views: 98
Answers (2)
Arghya Sadhu
Reputation: 44657
Kubernetes follows the principle of least priviledge.If you create a service account but don't attach any role binding or cluster role binding to it then it will not have any access to Kubernetes API.
Upvotes: 1
weibeld
Reputation: 15312
You could try to define a Role like this:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nothing
rules: []
Create it:
kubectl apply -f nothing.yaml
Then bind it to your ServiceAccount:
kubectl create rolebinding nothing --serviceaccount my-serviceaccount --role nothing
Upvotes: 1
Related Questions
- kubernetes service account permissions
- K8S RBAC role to allow everything except namespaces and service accounts
- How to assign RBAC permissions to system:anonymous service account in Kubernetes?
- Restrict ServiceAccount / Role to manage secrets in all clusters
- how can i assign permission to service account in azure kubernetes cluster( RBAC is enabled )?
- How to prevent misuse of kubernetes service account
- Granting a Kubernetes Service Account permissions for Secrets?
- restricting EKS user access
- Create ServiceAccounts for access to the Kubernetes Deployments
- RBAC - Limit access for one service account