How to Block a Certain Kubernetes User from Issuing Certain Commands

5/7/2021

For example, I don't want this user to:

  • Edit Cluster
  • Edit Deployment
  • Edit ig
  • Delete Pods ...

But allow this user to:

  • Get nodes
  • Get pods
  • Describe Pods

If I use RBAC, can I have guidance?

-- Armin
kubernetes
rbac

1 Answer

5/7/2021

You will need to use RBAC for that. After creating a user, you will need to create a ROLE or CLUSTER ROLE (depending on whether you want it to apply to a specific namespace or not), and then create a ROLE BINDING or CLUSTER ROLE BINDING to bind the user to the role you created. You can find it all here: https://kubernetes.io/docs/reference/access-authn-authz/rbac/

-- danny kaplunski
Source: StackOverflow
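
The role and binding described in the answer, written out for the permissions listed in the question. This is an added example, not part of the original question or answer; the names `node-pod-viewer`, `node-pod-viewer-binding` and `example-user` are placeholders. RBAC has no deny rules, so the "blocked" actions are simply the ones the role never grants.

```yaml
# Read-only access to nodes and pods for a single user.
# RBAC rules only grant; edit, patch, create and delete are
# refused because no rule here allows them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-pod-viewer            # placeholder name
rules:
  - apiGroups: [""]                # core API group
    resources: ["nodes"]           # cluster-scoped, so a ClusterRole is needed
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]          # kubectl describe pod also reads events
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-pod-viewer-binding    # placeholder name
subjects:
  - kind: User
    name: example-user             # placeholder; must match the authenticated username
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-pod-viewer
  apiGroup: rbac.authorization.k8s.io
```

After applying the manifest, `kubectl auth can-i delete pods --as example-user` should answer `no` and `kubectl auth can-i get nodes --as example-user` should answer `yes`. Permissions are additive, so any other role bound to this user or to one of their groups still applies and has to be removed separately.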