Ajinkya16

Reputation: 335

Shell or bash in pods in Kubernetes

How do you disable shell or bash access to pods in a container? I do not want anyone to get access inside the pod via kubectl exec, docker exec, or k9s.

Upvotes: 0

Views: 888

Answers (1)

Harsh Manvar

Reputation: 30160

Kubectl is a CLI tool so it connects with the K8s API server and authenticates.

You can restrict the user by their Role, so using RBAC with proper permissions will resolve your issue.

Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/

Example:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: serviceaccount
  namespace: default

---
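kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: default-user-role
  namespace: default
rules:
# RBAC rules only grant access; there is no deny rule. pods/exec and
# pods/attach are blocked by leaving them out of every rule. A "*" resource
# in the core group ("") would match both, so core resources are listed
# by name (example list, adjust to what the account needs).
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["*"]
- apiGroups: ["extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]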

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: default-user-view
  namespace: default
subjects:
- kind: ServiceAccount
  name: serviceaccount
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: default-user-role

Check auth using:

kubectl auth can-i create pods --subresource=exec --as=system:serviceaccount:default:serviceaccount -n default

Upvotes: 2
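An added example, not part of the answer above: RBAC has no deny rules, so exec and attach stay blocked only while no rule grants them, and a wildcard rule grants them silently. The sketch below audits role JSON (the shape `kubectl get roles -o json` returns) for such grants; the function names and the two sample roles are constructed for illustration.

```python
import json

# Subresources that give an interactive session inside a container.
SESSION_SUBRESOURCES = ("exec", "attach")
# The verb depends on the HTTP method the client uses (POST -> create, GET -> get).
SESSION_VERBS = ("create", "get")


def rule_allows(rule, verb, api_group, resource, subresource):
    """Allow-only RBAC matching: '*' wildcards, exact names, and '*/<subresource>'."""
    combined = f"{resource}/{subresource}"
    verbs = rule.get("verbs", [])
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    return (
        ("*" in verbs or verb in verbs)
        and ("*" in groups or api_group in groups)
        and any(r in ("*", combined, f"*/{subresource}") for r in resources)
    )


def session_grants(role_list):
    """Return sorted (kind, namespace, name, subresource, verb) tuples for every grant found."""
    found = set()
    for role in role_list.get("items", []):
        meta = role.get("metadata", {})
        for rule in role.get("rules") or []:
            for sub in SESSION_SUBRESOURCES:
                for verb in SESSION_VERBS:
                    if rule_allows(rule, verb, "", "pods", sub):
                        found.add((role["kind"], meta.get("namespace", ""), meta["name"], sub, verb))
    return sorted(found)


# Constructed sample in the shape of `kubectl get roles -n default -o json`.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Role", "metadata": {"name": "wildcard-role", "namespace": "default"},
   "rules": [{"apiGroups": [""], "resources": ["pods/attach", "pods/exec"], "verbs": [""]},
             {"apiGroups": ["", "extensions", "apps"], "resources": ["*"], "verbs": ["*"]}]},
  {"kind": "Role", "metadata": {"name": "explicit-role", "namespace": "default"},
   "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["*"]}]}
]}
""")

if __name__ == "__main__":
    for grant in session_grants(SAMPLE):
        print(grant)
```

The same check applies to ClusterRoles, which matter as much as namespaced Roles because a ClusterRoleBinding or RoleBinding can attach them to the same subject.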
