Controlling Access in Kubernetes with RBAC

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

Role-based access control is an important component when it comes to managing a Kubernetes cluster securely. The more users and automated processes there are that need to interface with the Kubernetes API, the more important controlling access becomes. In this lab, you will have the opportunity to practice your skills with the Kubernetes RBAC system by implementing your own RBAC permissions to appropriately limit user access.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Role for the `dev` User

Create a role called pod-reader. Provide it with read access to pods and container logs in the beebox-mobile namespace.

Bind the Role to the `dev` User and Verify Your Setup Works

Create a RoleBinding to bind the pod-reader role to the dev user. Interact with pods in the beebox-mobile namespace to make sure you can read pod metadata and container logs as the dev user but not make any changes.

Additional Resources

You are working for BeeBox, a company that provides regular shipments of bees to customers. The company is in the process of building a Kubernetes-based infrastructure for some of their software.

Your developers frequently request that you provide information from the Kubernetes cluster, so you would like to give them the ability to read data from the cluster but not make any changes to it. Using Kubernetes role-based access control, ensure the dev user can read pod metadata and container logs from any pod in the beebox-mobile namespace.

A kubeconfig file for the dev user has already been created on the server. You can use this file to test your RBAC setup as the dev user like so:

kubectl get pods -n beebox-mobile --kubeconfig /home/cloud_user/dev-k8s-config
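
One manifest that satisfies both objectives, as an added example that is not part of the lab's own material. The RoleBinding name pod-reader-binding and the file name pod-reader.yaml are assumptions, and `<pod-name>` is a placeholder for any pod in the namespace.

```yaml
# Apply as a cluster admin: kubectl apply -f pod-reader.yaml  (file name is an assumption)
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: beebox-mobile        # a Role is namespaced; it grants nothing outside this namespace
rules:
- apiGroups: [""]                 # "" is the core API group, where pods live
  # "pods" covers pod metadata; container logs are the separate "pods/log"
  # subresource and must be listed explicitly or kubectl logs is denied.
  resources: ["pods", "pods/log"]
  verbs: ["get", "watch", "list"] # read-only verbs; no create, update, patch or delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding        # assumed name, not given by the lab
  namespace: beebox-mobile
subjects:
- kind: User
  name: dev                       # must match the user name in the dev kubeconfig's credentials
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

# Verification as the dev user, using the kubeconfig the lab provides.
# Read requests covered by the Role:
#   kubectl get pods -n beebox-mobile --kubeconfig /home/cloud_user/dev-k8s-config
#   kubectl logs <pod-name> -n beebox-mobile --kubeconfig /home/cloud_user/dev-k8s-config
# Write request the Role does not grant, so the API server rejects it:
#   kubectl delete pod <pod-name> -n beebox-mobile --kubeconfig /home/cloud_user/dev-k8s-config
# Same check from the admin context, without the dev kubeconfig:
#   kubectl auth can-i delete pods -n beebox-mobile --as dev
```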

