Source: thenewstack.io
7 Expert Strategies for Managing RBAC on OpenShift
With the rise of containerization and cloud-based computing, securing infrastructure and managing fine-grained access control can be a significant challenge for organizations using https://www.openshift.com/try?utm_content=inline-mention This platform provides a vast array of tools and features, but maintaining tight security standards means managing access and permissions at a granular level. Authorization in OpenShift is managed using role-based access control (RBAC).
The role only has access to the get, watch and list verbs for the pods and services resources.
Here’s another example: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin-role namespace: dev rules: - apiGroups: [""] resources: ["pods", "services", "replicationcontrollers", "configmaps", "secrets"] verbs: ["get", "watch", "list", "create", "update", "delete"]
In this example, the pod-reader role has get, watch and list permissions on the pods resource in the my-namespace namespace.
The role only has access to the get, watch and list verbs for the pods and services resources.
Here’s another example: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin-role namespace: dev rules: - apiGroups: [""] resources: ["pods", "services", "replicationcontrollers", "configmaps", "secrets"] verbs: ["get", "watch", "list", "create", "update", "delete"]
In this example, the pod-reader role has get, watch and list permissions on the pods resource in the my-namespace namespace.
Related Articles
Community Partners
DevOps Careers