Saiyam Pathak avatar
By Saiyam Pathak
Field CTO


In the vast domain of Kubernetes, Role-Based Access Control (RBAC) stands as a pivotal mechanism to ensure secure and precise access to cluster resources. This lesson offers a comprehensive dive into RBAC, elucidating its levels, roles, and role bindings.

Introduction to RBAC in Kubernetes

RBAC, or Role-Based Access Control, is a systematic approach to managing access in Kubernetes. It empowers administrators to define what actions a user or service account can perform on specific resources within the cluster.

The Essence of RBAC

RBAC provides distinct roles to various resources inside the Kubernetes cluster for different service account users. For instance, consider a service account named `Sam` in the `demo` namespace. This account might be granted permissions to list, watch, and delete deployments.

Levels of Roles and Role Bindings in RBAC

There are two primary levels in RBAC:

  1. Cluster Level: This encompasses cluster roles and cluster role bindings. These are not tied to a specific namespace and apply to resources cluster-wide.
  2. Namespace Level: This level includes roles and role bindings that are specific to a namespace. For instance, granting permissions to a service account in one namespace might not grant the same permissions in another.

Crafting Roles and Role Bindings

To create a role, essential elements like the name, API group, resource (e.g., deployment), and verbs (e.g., get, list, watch, delete) must be defined. Following this, a role binding is crafted to bind the service account to the role. The role binding specifies the namespace and references the desired role. The subject section of the role binding then denotes the user or service account.

Verifying Access with `kubectl`

After setting up roles and role bindings, one can verify access using the kubectl auth can-i command. For instance, executing kubectl auth can-i get deployment --as=system:serviceaccount:demo:sam -n demo in the demo namespace should return a positive response. However, in the default namespace, the same command might not be valid.


RBAC in Kubernetes offers a structured approach to managing access, allowing administrators to assign specific roles to different users or service accounts. By mastering RBAC, one ensures a secure and efficient Kubernetes environment.

Don't stop now, check out your next lesson