CODEX

How to assign Role-based Access in GCP Kubernetes Engine

Ryle Zhou
CodeX
8 min read · Feb 20, 2021

While role-based access control (RBAC) resource definitions are standard across all Kubernetes platforms, their interaction with underlying authentication and authorization providers needs to be understood when building on any cloud provider.

RBAC is a powerful security mechanism that provides great flexibility in how you restrict operations within a cluster. In this tutorial you will learn how to:

  1. Assign different permissions to user personas, namely owners and auditors.
  2. Grant limited API access to an application running within your cluster.

Architecture

You will provision two service accounts to represent user personas and three namespaces: dev, test, and prod. The “owner” persona will have read-write access to all three namespaces, while the “auditor” persona will have read-only access and be restricted to the dev namespace.
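The manifests below are an added example that implements this layout, not the gke-rbac-demo repository's own files. On GKE a Google service account authenticates to the API server as a Kubernetes User named by its email address, so the bindings reference that email; PROJECT_ID and the account names are placeholders you would substitute.

```yaml
# Added example, not the gke-rbac-demo repo's own manifests. PROJECT_ID is a placeholder.
# Owner persona: one ClusterRole with read-write verbs, bound per namespace
# (a RoleBinding, not a ClusterRoleBinding) so it is scoped to dev/test/prod only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: owner
rules:
- apiGroups: ["", "apps", "batch"]
  resources: ["pods", "pods/log", "services", "configmaps", "deployments", "jobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: owner-binding
  namespace: dev        # repeat this RoleBinding in the test and prod namespaces
subjects:
- kind: User
  name: owner@PROJECT_ID.iam.gserviceaccount.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: owner
  apiGroup: rbac.authorization.k8s.io
---
# Auditor persona: a namespaced Role with read-only verbs, bound only in dev.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: auditor
  namespace: dev
rules:
- apiGroups: ["", "apps", "batch"]
  resources: ["pods", "pods/log", "services", "configmaps", "deployments", "jobs"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: auditor-binding
  namespace: dev
subjects:
- kind: User
  name: auditor@PROJECT_ID.iam.gserviceaccount.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: auditor
  apiGroup: rbac.authorization.k8s.io
```

After applying, confirm the boundary holds with impersonation, e.g. `kubectl auth can-i delete pods --as=auditor@PROJECT_ID.iam.gserviceaccount.com -n dev` and the same check in `-n prod` should both answer `no`.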

Setup

Clone the resources needed for this lab by running:

git clone https://github.com/GoogleCloudPlatform/gke-rbac-demo.git
