By Saiyam Pathak
Director of Technical Evangelism


Learn about RBAC (Role Based Access Control) with levels of roles and role bindings.


Introduction to RBAC

Hi, in this video, we'll try to understand the concept of RBAC, which is role-based access control. RBAC grants different roles on different resources inside the Kubernetes cluster to different users and service accounts. In this particular scenario there is a service account 'Sam' in the namespace demo, and we want that service account to be able to get, list, watch, and delete deployments. So what do we do?

Levels of roles and role bindings

Now there are two levels of roles and role bindings. One is the cluster level, for cluster-level resources: the ClusterRole and the ClusterRoleBinding. The other is the namespace level: the Role and the RoleBinding, which are namespaced resources. So we have to create a cluster role. In that particular cluster role, we just define the name, the API group, the resource (deployments), and the verbs, which are get, list, watch, and delete. Next is the role binding. Now we have a service account 'Sam' and a cluster role, and we have to bind these together. So we create a role binding, and we have to define the namespace demo. Then there is the section where we define the roleRef, and we point it at the cluster role that we just created above.

Next, in the subjects section, we give the user, group, or service account. Here we have given a service account, with the name of the service account and its namespace. Once we apply both of these YAML files, you can check access to a particular resource using the kubectl auth can-i command. So if we run kubectl auth can-i get deployment --as=system:serviceaccount:demo:sam -n demo in the demo namespace, it is allowed and you get the response yes. But in the default namespace it is not allowed, because the role binding only exists in the demo namespace, so you get no. So this is how you provide different levels of access (the verbs, in this case) on different resources (deployments, in this case) to different sets of users (service account 'Sam' in this scenario). RBAC lets you grant different sets of roles to different groups and users across the cluster on various resources. That is how RBAC works at a high level.
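The two manifests and the access check described above, as an added example rather than the lesson's own files: the ClusterRole name deployment-manager and the binding name are assumptions (the lesson does not name them), and the script assumes kubectl is pointed at a cluster where the service account sam already exists in namespace demo and your user may impersonate it.

```shell
#!/usr/bin/env bash
# Added example (not the lesson's files): ClusterRole + namespaced RoleBinding
# for service account "sam" in "demo", then the kubectl auth can-i checks.
set -euo pipefail
NAMESPACE="demo"
SA="sam"
CLUSTER_ROLE="deployment-manager"   # assumed name; the lesson does not give one
# Print both manifests. The ClusterRole is cluster-scoped, but because it is
# bound with a RoleBinding the grant only applies inside the demo namespace.
rbac_manifests() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ${CLUSTER_ROLE}
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${SA}-${CLUSTER_ROLE}
  namespace: ${NAMESPACE}
subjects:
- kind: ServiceAccount
  name: ${SA}
  namespace: ${NAMESPACE}
roleRef:
  kind: ClusterRole
  name: ${CLUSTER_ROLE}
  apiGroup: rbac.authorization.k8s.io
EOF
}
# Ask the API server whether sam may perform VERB on deployments in namespace NS.
# Prints "yes" or "no"; kubectl exits non-zero on "no", which we swallow.
can_i() {
  local verb="$1" ns="$2"
  kubectl auth can-i "${verb}" deployments \
    --as="system:serviceaccount:${NAMESPACE}:${SA}" -n "${ns}" 2>/dev/null || true
}
# Only talk to a cluster when one is reachable.
if kubectl cluster-info >/dev/null 2>&1; then
  rbac_manifests | kubectl apply -f -
  echo "get in demo:     $(can_i get "${NAMESPACE}")"   # expected: yes
  echo "get in default:  $(can_i get default)"          # expected: no
  echo "create in demo:  $(can_i create "${NAMESPACE}")" # expected: no, verb not granted
fi
```

The third check is the one worth keeping in a test suite: it confirms the binding grants only the verbs you listed and nothing wider.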

That's it for this lecture. Thanks for watching. See you in the next one.
