You have complete control over your lab cluster: you can deploy workloads, read Secrets, and even delete control plane components if you want to see how quickly they return. You don’t want anyone to have that much power in a production cluster, because if they have full admin control, then it’s really their cluster. Their account could be compromised, and then some rogue party deletes all your apps and turns your cluster into their personal Bitcoin miner. Kubernetes supports least-privilege access with role-based access control (RBAC). In this chapter, you’ll learn how RBAC works and some of the challenges that come with restricting access.
RBAC applies to end users working with kubectl and to internal components using the Kubernetes API with service account tokens. Each of those needs a different RBAC approach, and we’ll cover both in this chapter, together with the best practices. You’ll also learn how Kubernetes gets the credentials for external users and how you can manage end users inside the cluster if you don’t have an external authentication system. RBAC is a straightforward model, but it has lots of moving pieces, and it can be hard to keep track of who can do what, so we’ll finish the chapter by looking at management tools.