Rayden Wins

Reputation: 41

Kubernetes role to create limited roles

Is it possible to create a role that gives the right to create roles which can only give the right to create and delete pods, deployments, secrets?

For example, role A permits creating roles X, Y, Z, so that roles X, Y, Z are limited to the resources pods, deployments, secrets.

Regards

Upvotes: -1

Views: 93

Answers (1)

Sai Chandini Routhu

Reputation: 1

Yes, it is possible to create a role that allows creating roles with limited permissions:

Create a Role Creator role:

This role has all the permissions to create other roles within your Kubernetes cluster.

It allows creating, updating and deleting roles and RoleBinding objects.

Create Limited role:

These roles have restricted permissions such as only allowing actions on pods, deployments and secrets.

By using role creator roles, you can create and distribute the limited roles to other entities within your cluster, granting them controlled access to specific resources.

To enforce the restrictions in a limited role, you need to use admission controllers.

RBAC bindings are used to grant the Role Creator role and limited roles to specific users or service accounts.

Refer to this Medium Blog by Harsh for more information about Mastering Kubernetes RBAC: User Creation & Role-Based Access Control.

Upvotes: 0
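An RBAC-only way to get the behaviour asked about, as an added example that is not part of the question or the answer: the API server refuses to let a subject create or update a Role containing permissions the subject does not itself hold (unless it has the `escalate` verb), so role A is given exactly the pod, deployment and secret permissions it may pass on. The namespace `team-a`, the service account `role-manager` and all role names are hypothetical.

```yaml
# Added example; namespace, names and service account are hypothetical.
# Role A: may manage Roles/RoleBindings, and itself holds the only
# permissions it should be able to hand out.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: role-creator
  namespace: team-a
rules:
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["create", "update", "delete"]   # deliberately no "escalate" or "bind"
  - apiGroups: [""]
    resources: ["pods", "secrets"]
    verbs: ["create", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: role-creator-binding
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: role-manager
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: role-creator
---
# Role X: accepted when created by role-manager, because every rule is
# already held by role-manager. Adding, for example, verbs: ["get"] on
# secrets would be rejected by the API server as a privilege escalation.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: limited-x
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "secrets"]
    verbs: ["create", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["create", "delete"]
```

Any permission `role-manager` holds through other bindings also becomes grantable, so review its effective rights with `kubectl auth can-i --list --as=system:serviceaccount:team-a:role-manager -n team-a` before relying on this.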
