{"id":1484,"date":"2023-08-25T08:38:36","date_gmt":"2023-08-25T08:38:36","guid":{"rendered":"https:\/\/imesh.ai\/blog\/?p=1484"},"modified":"2024-01-11T02:08:30","modified_gmt":"2024-01-11T02:08:30","slug":"what-is-kubernetes-rbac-and-why-do-you-need-it","status":"publish","type":"post","link":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/","title":{"rendered":"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is Kubernetes RBAC<\/h2>\n\n\n\n<p>Often when organizations start their Kubernetes journey, they look to implement least-privilege roles and proper authorization to secure their infrastructure. That\u2019s where Kubernetes RBAC comes in: it secures Kubernetes resources and sensitive data, including deployment details, persistent storage settings, and secrets.<\/p>\n\n\n\n<p><a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/rbac\/\">Kubernetes RBAC<\/a> provides the ability to control who can access each API resource, and with what kind of access. 
You can use RBAC for both human users (individuals or groups) and non-human users (service accounts) to define their types of access to various Kubernetes resources.<\/p>\n\n\n\n<p>For example, suppose there are 3 different environments called Dev, Staging and Production, and access to them has to be given to team members such as developers, DevOps, SREs, app owners and product managers.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"483\" src=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-1024x483.png\" alt=\"Practicing RBAC in Kubernetes for various environment\" class=\"wp-image-1522\" srcset=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-1024x483.png 1024w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-300x141.png 300w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-768x362.png 768w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-1536x724.png 1536w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-400x189.png 400w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-800x377.png 800w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment-1160x547.png 1160w, https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/Practicing-RBAC-in-Kubernetes-for-various-environment.png 1788w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Before we get started, we would like to stress that we will treat users and service accounts as the same from a level of abstraction: every request either from a user 
or a service account is finally an HTTP request. Yes, we understand that <a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/service-accounts-admin\/#user-accounts-versus-service-accounts\">users and service accounts (for non-human users) are different<\/a> in nature in Kubernetes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to enable Kubernetes RBAC<\/h2>\n\n\n\n<p>One can enable RBAC in Kubernetes by starting the API server with the <code>--authorization-mode<\/code> flag set to include RBAC. The Kubernetes resources used to apply RBAC to users are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Role,<\/li>\n\n\n\n<li>ClusterRole,<\/li>\n\n\n\n<li>RoleBinding,<\/li>\n\n\n\n<li>ClusterRoleBinding<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service Account<\/h3>\n\n\n\n<p>Kubernetes provides an authentication mechanism to manage users, but it is usually advisable to integrate Kubernetes with your enterprise identity management for users, such as Active Directory or LDAP. For non-human users (machines or services) in a Kubernetes cluster, the concept of the Service Account comes into the picture.<\/p>\n\n\n\n<p>For example, Kubernetes resources may need to be accessed by a CD application such as Spinnaker or Argo to deploy applications, or one pod of a service A may need to talk to another pod of service B. 
In such cases, a Service Account is used to create an account for the non-human user and to specify the required authorization (using RoleBinding or ClusterRoleBinding).<\/p>\n\n\n\n<p>You can create a Service Account with a YAML manifest like the one below:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: nginx-sa\nautomountServiceAccountToken: false<\/code><\/pre>\n\n\n\n<p>And then apply it.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>$ kubectl apply -f nginx-sa.yaml\nserviceaccount\/nginx-sa created<\/code><\/pre>\n\n\n\n<p>Now you have to specify the ServiceAccount for the pods in the Deployment resource.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: nginx1\n  labels:\n    app: nginx1\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: nginx1\n  template:\n    metadata:\n      labels:\n        app: nginx1\n    spec:\n      serviceAccountName: nginx-sa\n      containers:\n      - name: nginx1\n        image: nginx\n        ports:\n        - containerPort: 80<\/code><\/pre>\n\n\n\n<p>If you don&#8217;t specify <strong><em>serviceAccountName<\/em><\/strong> in the Deployment resource, the pods will belong to the \u2018default\u2019 Service Account. Note that there is a default Service Account for each namespace and one for clusters. 
All the default authorization policies of the default Service Account will be applied to pods for which no Service Account is specified.<\/p>\n\n\n\n<p>In the next section, we will see how to assign various permissions to a Service Account using RoleBinding and ClusterRoleBinding.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Role and ClusterRole<\/h3>\n\n\n\n<p>Roles and ClusterRoles are the Kubernetes resources used to define the list of actions a user can perform within a namespace or a cluster, respectively.<\/p>\n\n\n\n<p>In Kubernetes, actors such as users, groups, or ServiceAccounts are called <strong>subjects<\/strong>. The actions that a subject can take, such as create, read, write, update, and delete, are called <strong>verbs<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: Role\nmetadata:\n  name: read-only\n  namespace: dev-namespace\nrules:\n- apiGroups:\n  - \"\"\n  resources: &#91;\"*\"]\n  verbs:\n  - get\n  - list\n  - watch<\/code><\/pre>\n\n\n\n<p>In the above Role resource, we have specified that the \u2018read-only\u2019 role is only applicable to the dev-namespace namespace and to all the resources inside the namespace. Any ServiceAccount or user bound to the \u2018read-only\u2019 role can take these actions: get, list and watch.<\/p>\n\n\n\n<p>Similarly, the ClusterRole resource will allow you to create roles pertinent to clusters. 
Example given below:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRole\nmetadata:\n  name: chief-role\nrules:\n- apiGroups:\n  - \"\"\n  resources: &#91;\"*\"]\n  verbs:\n  - get\n  - list\n  - watch\n  - create\n  - update\n  - patch\n  - delete<\/code><\/pre>\n\n\n\n<p>Any user\/group\/ServiceAccount bound to <strong>chief-role<\/strong> will be able to take any of these actions across the cluster.<\/p>\n\n\n\n<p>In the next section we will see how to grant roles to subjects using <strong>RoleBinding<\/strong> and <strong>ClusterRoleBinding<\/strong>.<\/p>\n\n\n\n<p>Also note that Kubernetes allows you to configure custom roles using the Role resource, or to use default user-facing roles such as the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cluster-admin<\/strong>: For cluster administrators, Kubernetes provides a \u201csuperuser\u201d Role. The Cluster admin can perform any action on any resource in a cluster. One can use \u2018cluster-admin\u2019 in a ClusterRoleBinding to grant full control over every resource in the cluster (and in all namespaces) or in a RoleBinding to grant full control over every resource in the respective namespace.<\/li>\n\n\n\n<li><strong>Admin<\/strong>: Kubernetes provides the \u2018admin\u2019 Role to permit unlimited read\/write access to resources within a namespace. The \u2018admin\u2019 role can create roles and role bindings within a particular namespace. It does not permit write access to the namespace itself. This can be used in the RoleBinding resource.<\/li>\n\n\n\n<li><strong>Edit<\/strong>: The \u2018edit\u2019 role grants read\/write access within a given Kubernetes namespace. It cannot view or modify roles or role bindings.<\/li>\n\n\n\n<li><strong>View<\/strong>: The \u2018view\u2019 role allows read-only access within a given namespace. 
It does not allow viewing or modifying of roles or role bindings.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">RoleBinding and ClusterRoleBinding<\/h3>\n\n\n\n<p>To apply the Role to a subject (user\/group\/ServiceAccount), you must define a RoleBinding. This will give the user least privilege access to required resources within the namespace with the permissions defined in the Role configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: RoleBinding\nmetadata:\n  name: Role-binding-dev\n  namespace: dev-namespace # Must be the namespace of the Role being bound\nroleRef:\n  kind: Role\n  name: read-only # The role name you defined in the Role configuration\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: User\n  name: Roy # The name of the user to give the role to\n  apiGroup: rbac.authorization.k8s.io\n- kind: ServiceAccount\n  name: nginx-sa # The name of the ServiceAccount to give the role to\n  namespace: dev-namespace # Assumes nginx-sa was created in dev-namespace<\/code><\/pre>\n\n\n\n<p>Similarly, ClusterRoleBinding resources can be created to grant ClusterRoles to users. Note that we have used the default superuser ClusterRole provided by Kubernetes (cluster-admin) instead of using our custom role. This can be applied to cluster administrators.<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-black-background-color has-text-color has-background\"><code>apiVersion: rbac.authorization.k8s.io\/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: superuser-binding\nroleRef:\n  kind: ClusterRole\n  name: cluster-admin # Built-in superuser ClusterRole\n  apiGroup: rbac.authorization.k8s.io\nsubjects:\n- kind: User\n  name: Aditi\n  apiGroup: rbac.authorization.k8s.io<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Benefits of Kubernetes RBAC<\/h2>\n\n\n\n<p>The advantage of Kubernetes RBAC is that it allows you to \u201cnatively\u201d implement least privilege for the various users and machines in your cluster. 
The key benefits are:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Proper Authorization<\/h3>\n\n\n\n<p>By granting users and Service Accounts least-privilege access to Kubernetes resources, DevOps and architects can implement one of the main pillars of <a href=\"https:\/\/imesh.ai\/blog\/top-10-pillars-of-zero-trust-network\/\">zero trust<\/a>. Organizations can reduce the risk of data breaches and data leakage, and also avoid internal employees accidentally deleting or manipulating any critical resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Separation of Duties<\/h3>\n\n\n\n<p>Applying RBAC on Kubernetes resources will always facilitate separation of duties among users such as developers, DevOps, testers, SREs, etc. in an organization. For example, developers should not depend on an admin for creating\/deleting a new resource in the dev environment. Similarly, deploying new applications into test servers and deleting the pods after testing should not be a bottleneck for DevOps or testers. Applying authorization and permissions to users such as developers and CI\/CD deployment agents in their respective workspaces (say namespaces or clusters) will decrease the dependencies and cut the slack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">100% adherence to compliance<\/h3>\n\n\n\n<p>Many industry regulations such as HIPAA, GDPR, SOX, etc., demand tight authentication and authorization mechanisms in the software field. 
Using Kubernetes RBAC, DevOps and architects can quickly implement RBAC in their Kubernetes cluster and improve their posture to adhere to those standards.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Disadvantages of Kubernetes RBAC<\/h2>\n\n\n\n<p>For small and medium enterprises, using Kubernetes RBAC is justified, but it is not advisable to use Kubernetes RBAC for the reasons below:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>There can be many users and machines, and Kubernetes RBAC can be cumbersome to implement and maintain for them.<\/li>\n\n\n\n<li>Granular visibility of who performed what operation is difficult. For example, large enterprises would require information such as violations or malicious attempts against RBAC permissions.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">RBAC implementation in Kubernetes using Istio service mesh<\/h2>\n\n\n\n<p><a href=\"https:\/\/imesh.ai\/blog\/what-is-istio\/\">Istio is an open-source service mesh software<\/a> that helps DevOps, architects, and SREs simplify the traffic management, security, and observability of microservices in the cloud.<\/p>\n\n\n\n<p>Istio can also help DevOps and architects implement RBAC and multi-tenancy. However, the scenarios can range from easy to complicated:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Single cluster-multiple namespace<\/li>\n\n\n\n<li>Multicluster-multiple namespaces<\/li>\n\n\n\n<li>Multicloud-multiple cluster (multiple namespaces)<\/li>\n<\/ol>\n\n\n\n<p>I have written a blog post explaining the above 3 scenarios, and how to implement RBAC in each of them using Istio, in detail. 
Check it out here: <a href=\"https:\/\/imesh.ai\/blog\/implementing-stronger-rbac-and-multitenancy-in-kubernetes-using-istio\/\">Implementing stronger RBAC and Multitenancy in Kubernetes using Istio<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Kubernetes RBAC Often when organizations start their Kubernetes journey, they<span class=\"excerpt-more\"><\/span><\/p>\n","protected":false},"author":4,"featured_media":1486,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[57,67,69],"class_list":["post-1484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-kubernetes","tag-rbac","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Kubernetes RBAC: Roles, Benefits, Limitations, Implementation<\/title>\n<meta name=\"description\" content=\"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s resources.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation\" \/>\n<meta property=\"og:description\" content=\"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s resources.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\" \/>\n<meta property=\"og:site_name\" content=\"IMESH\" \/>\n<meta property=\"article:published_time\" 
content=\"2023-08-25T08:38:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-11T02:08:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Debasree Panda\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Debasree Panda\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\"},\"author\":{\"name\":\"Debasree Panda\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/b881b4a1c269b625dc91af0896f8036f\"},\"headline\":\"Kubernetes RBAC: Roles, Benefits, Limitations, 
Implementation\",\"datePublished\":\"2023-08-25T08:38:36+00:00\",\"dateModified\":\"2024-01-11T02:08:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\"},\"wordCount\":1251,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png\",\"keywords\":[\"kubernetes\",\"RBAC\",\"security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\",\"url\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\",\"name\":\"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation\",\"isPartOf\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png\",\"datePublished\":\"2023-08-25T08:38:36+00:00\",\"dateModified\":\"2024-01-11T02:08:30+00:00\",\"description\":\"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s 
resources.\",\"breadcrumb\":{\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage\",\"url\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png\",\"contentUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png\",\"width\":1280,\"height\":720,\"caption\":\"What is Kubernetes RBAC and why do we need them\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/imesh.ai\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/imesh.ai\/blog\/#website\",\"url\":\"https:\/\/imesh.ai\/blog\/\",\"name\":\"IMESH 
Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/imesh.ai\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/imesh.ai\/blog\/#organization\",\"name\":\"IMESH\",\"url\":\"https:\/\/imesh.ai\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg\",\"contentUrl\":\"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg\",\"width\":2560,\"height\":1665,\"caption\":\"IMESH\"},\"image\":{\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/imeshai\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/b881b4a1c269b625dc91af0896f8036f\",\"name\":\"Debasree Panda\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/imesh.ai\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1e02eb18435bad3283b1f03e1bf22de74113e9760ab00e90c41e539df347cd3d?s=96&d=wp_user_avatar&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1e02eb18435bad3283b1f03e1bf22de74113e9760ab00e90c41e539df347cd3d?s=96&d=wp_user_avatar&r=g\",\"caption\":\"Debasree Panda\"},\"description\":\"Debasree is the CEO of IMESH. He understands customer pain points in cloud and microservice architecture. Previously, he led product marketing and market research teams at Digitate and OpsMx, where he had created a multi-million dollar sales pipeline. 
He has helped open-source solution providers- Tetrate, OtterTune, and Devtron- design GTM from scratch and achieve product-led growth. He firmly believes serendipity happens to diligent and righteous people.\",\"sameAs\":[\"https:\/\/imesh.ai\"],\"url\":\"https:\/\/imesh.ai\/blog\/author\/debasreeimesh-ai\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation","description":"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s resources.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/","og_locale":"en_US","og_type":"article","og_title":"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation","og_description":"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s resources.","og_url":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/","og_site_name":"IMESH","article_published_time":"2023-08-25T08:38:36+00:00","article_modified_time":"2024-01-11T02:08:30+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","type":"image\/png"}],"author":"Debasree Panda","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Debasree Panda","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#article","isPartOf":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/"},"author":{"name":"Debasree Panda","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/b881b4a1c269b625dc91af0896f8036f"},"headline":"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation","datePublished":"2023-08-25T08:38:36+00:00","dateModified":"2024-01-11T02:08:30+00:00","mainEntityOfPage":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/"},"wordCount":1251,"commentCount":0,"publisher":{"@id":"https:\/\/imesh.ai\/blog\/#organization"},"image":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","keywords":["kubernetes","RBAC","security"],"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/","url":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/","name":"Kubernetes RBAC: Roles, Benefits, Limitations, 
Implementation","isPartOf":{"@id":"https:\/\/imesh.ai\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage"},"image":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","datePublished":"2023-08-25T08:38:36+00:00","dateModified":"2024-01-11T02:08:30+00:00","description":"Understand Kubernetes Role-Based Access Control (RBAC), how to enable it, and its benefits and limitations in securing K8s resources.","breadcrumb":{"@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#primaryimage","url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","contentUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","width":1280,"height":720,"caption":"What is Kubernetes RBAC and why do we need them"},{"@type":"BreadcrumbList","@id":"https:\/\/imesh.ai\/blog\/what-is-kubernetes-rbac-and-why-do-you-need-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/imesh.ai\/blog\/"},{"@type":"ListItem","position":2,"name":"Kubernetes RBAC: Roles, Benefits, Limitations, Implementation"}]},{"@type":"WebSite","@id":"https:\/\/imesh.ai\/blog\/#website","url":"https:\/\/imesh.ai\/blog\/","name":"IMESH 
Blog","description":"","publisher":{"@id":"https:\/\/imesh.ai\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/imesh.ai\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/imesh.ai\/blog\/#organization","name":"IMESH","url":"https:\/\/imesh.ai\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg","contentUrl":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/03\/IMESH-LOGO-scaled.jpg","width":2560,"height":1665,"caption":"IMESH"},"image":{"@id":"https:\/\/imesh.ai\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/imeshai"]},{"@type":"Person","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/b881b4a1c269b625dc91af0896f8036f","name":"Debasree Panda","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/imesh.ai\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1e02eb18435bad3283b1f03e1bf22de74113e9760ab00e90c41e539df347cd3d?s=96&d=wp_user_avatar&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1e02eb18435bad3283b1f03e1bf22de74113e9760ab00e90c41e539df347cd3d?s=96&d=wp_user_avatar&r=g","caption":"Debasree Panda"},"description":"Debasree is the CEO of IMESH. He understands customer pain points in cloud and microservice architecture. Previously, he led product marketing and market research teams at Digitate and OpsMx, where he had created a multi-million dollar sales pipeline. He has helped open-source solution providers- Tetrate, OtterTune, and Devtron- design GTM from scratch and achieve product-led growth. 
He firmly believes serendipity happens to diligent and righteous people.","sameAs":["https:\/\/imesh.ai"],"url":"https:\/\/imesh.ai\/blog\/author\/debasreeimesh-ai\/"}]}},"jetpack_featured_media_url":"https:\/\/imesh.ai\/blog\/wp-content\/uploads\/2023\/08\/What-is-Kubernetes-RBAC-and-why-do-we-need-them.png","_links":{"self":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/1484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/comments?post=1484"}],"version-history":[{"count":9,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/1484\/revisions"}],"predecessor-version":[{"id":1849,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/posts\/1484\/revisions\/1849"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/media\/1486"}],"wp:attachment":[{"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/media?parent=1484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/categories?post=1484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/imesh.ai\/blog\/wp-json\/wp\/v2\/tags?post=1484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}