Posts

Showing posts with the label Kubernetes Security

Kubernetes security - Service accounts

In this post we are going to learn what service accounts are in Kubernetes and how they are useful.

Prerequisites: a Kubernetes cluster up and running.

Let's take the scenario where we need to connect with the pods, nodes, deployments and other resources in the Kubernetes cluster. You might be working with automated builds in CI/CD pipelines that interconnect these resources with each other. A pod is going to work with the planned application deployments. If you're working in DevSecOps, you need to focus on the regular monthly maintenance and scheduled OS patching; in this case Kubernetes node maintenance should be done from a pod. In the above two scenarios there is a need for a service account inside the pod. When a Kubernetes cluster is created, a service account is created at the same time, and its name is default. We can also create our own service accounts using the following command Every service account is associated with the secret wh...

Kubernetes Security - ClusterRoles and ClusterRoleBindings

Hello, in this post we will explore ClusterRoles and ClusterRoleBindings on a Kubernetes cluster. ClusterRoleBindings map subjects to a ClusterRole. Here subjects are nothing but rules that can be applied with an action on the cluster resources. It deals with users, groups and service accounts. In this post we will focus on 'User'-specific rules.

Kubernetes User Access Control with ClusterRoleBindings to ClusterRole

Prerequisites:
1. Kubernetes cluster up and running
2. Basic understanding of RBAC

System-related resources such as pods, nodes, storage, etc. are administered using ClusterRole and ClusterRoleBindings by assigning them to a user.

To list the ClusterRoles in the Kubernetes cluster:

    kubectl get clusterrole
    # Get the count
    kubectl get clusterrole --no-headers | wc -l

To know about the api-resources that have clusterrole and clusterrolebindings:

    kubectl api-resources | grep cluster

To view the clusterrolebindings availabl...