Security and RBAC

Security in Kubernetes involves managing permissions, roles, and network policies to ensure that only authorized users and services can access resources and perform actions within the cluster. Here are the key imperative commands to manage security-related resources:

Create Role

Creates a role with specific permissions (verbs) for a given resource. Roles are namespaced.

kubectl create role <role-name> --verb=<verb> --resource=<resource>

Get Role

Lists all roles in the current namespace.

kubectl get roles

Describe Role

Displays detailed information about a specific role, including the permissions it grants.

kubectl describe role <role-name>

Delete Role

Deletes a specific role from the current namespace.

kubectl delete role <role-name>

Create Role Binding

Binds a role to a user, granting them the permissions defined in the role within a namespace.

kubectl create rolebinding <binding-name> --role=<role-name> --user=<user>

Get Role Binding

Lists all role bindings in the current namespace.

kubectl get rolebindings

Describe Role Binding

Displays detailed information about a specific role binding, including the role it references and the subjects it binds to.

kubectl describe rolebinding <binding-name>

Delete Role Binding

Deletes a specific role binding from the current namespace.

kubectl delete rolebinding <binding-name>

Create ClusterRole

Creates a cluster-wide role with specific permissions for a given resource.

kubectl create clusterrole <role-name> --verb=<verb> --resource=<resource>

Get ClusterRole

Lists all cluster roles in the cluster.

kubectl get clusterroles

Describe ClusterRole

Displays detailed information about a specific cluster role, including the permissions it grants.

kubectl describe clusterrole <role-name>

Delete ClusterRole

Deletes a specific cluster role from the cluster.

kubectl delete clusterrole <role-name>

Create ClusterRole Binding

Binds a cluster role to a user, granting them the permissions defined in the role cluster-wide.

kubectl create clusterrolebinding <binding-name> --clusterrole=<role-name> --user=<user>

Get ClusterRole Binding

Lists all cluster role bindings in the cluster.

kubectl get clusterrolebindings

Describe ClusterRole Binding

Displays detailed information about a specific cluster role binding, including the role it references and the subjects it binds to.

kubectl describe clusterrolebinding <binding-name>

Delete ClusterRole Binding

Deletes a specific cluster role binding from the cluster.

kubectl delete clusterrolebinding <binding-name>

Create Service Account

Creates a new service account in the current namespace.

kubectl create serviceaccount <name>

Get Service Account

Lists all service accounts in the current namespace.

kubectl get serviceaccounts

Describe Service Account

Displays detailed information about a specific service account.

kubectl describe serviceaccount <name>

Delete Service Account

Deletes a specific service account from the current namespace.

kubectl delete serviceaccount <name>
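
Example: Least-Privilege Grant With Verification

The commands above combined into one workflow, as an added example that is not part of the original page: it gives a service account read-only access to pods in one namespace, then uses kubectl auth can-i with impersonation to confirm the grant is no wider than intended. The namespace demo, the account pod-reader, and the function names are assumptions; the --serviceaccount flag and kubectl auth can-i are standard kubectl features not listed above.

```shell
#!/usr/bin/env bash
# Added example (not from the original page).
# Assumed names: namespace "demo", service account "pod-reader".

# Create the service account, a Role limited to reading pods, and the binding.
grant_pod_reader() {
  ns="$1"; sa="$2"
  kubectl create serviceaccount "$sa" -n "$ns" &&
  kubectl create role "${sa}-role" --verb=get,list,watch --resource=pods -n "$ns" &&
  kubectl create rolebinding "${sa}-binding" --role="${sa}-role" \
    --serviceaccount="${ns}:${sa}" -n "$ns"
}

# can_i <namespace> <serviceaccount> <verb> <resource>
# Asks the API server whether the service account may perform the action.
# `kubectl auth can-i` exits non-zero when the answer is "no".
# The caller needs permission to impersonate service accounts for --as to work.
can_i() {
  kubectl auth can-i "$3" "$4" -n "$1" \
    --as="system:serviceaccount:$1:$2" >/dev/null 2>&1
}

# Succeeds only if every intended permission is present and every
# permission that must stay denied is absent.
verify_pod_reader() {
  ns="$1"; sa="$2"; rc=0
  for verb in get list watch; do
    can_i "$ns" "$sa" "$verb" pods || { echo "MISSING: $verb pods"; rc=1; }
  done
  for check in "delete pods" "create pods" "get secrets"; do
    v="${check% *}"; r="${check#* }"
    if can_i "$ns" "$sa" "$v" "$r"; then echo "EXCESS: $check"; rc=1; fi
  done
  return "$rc"
}

# Usage: ./pod-reader.sh demo pod-reader
if [ "$#" -eq 2 ]; then
  grant_pod_reader "$1" "$2" && verify_pod_reader "$1" "$2"
fi
```

A non-zero exit from verify_pod_reader, with MISSING or EXCESS lines, means the effective permissions differ from the intended ones, for example because another binding in the namespace also names the same service account.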