Role based access control - RBAC - Kubernetes

Jun 25, 20193 likes561 views

This document discusses Role Based Access Control (RBAC) in Kubernetes. It begins with an introduction of the speaker and then provides an overview of RBAC including roles, bindings, and how authentication works. It demonstrates how to configure RBAC and manage users through extensions like Auth0 to restrict access at the namespace and cluster level. The speaker then shows a demo of setting up RBAC roles and bindings in a Minikube cluster to configure secure access to the Kubernetes dashboard.

Kubernetes
Role Based Access Control (RBAC)
RBAC

About Me
Milan Das
https://github.com/dmilan77/kubernetes-rbac-presentation
Cloud Solution Architect (Equifax)
&
Photographer (when not working)
https://www.linkedin.com/in/milandas/

Milan Das
● Love to code (Java, Python, Scala, Spark)
● My Journey
○ Started with Java
○ IBM Middleware MQ/ETL
○ Camel ESB
○ BPM
○ Bigdata
○ Reactive Microservices : Akka, Domain Driven Design,
○ Cloud & Kubernetes
● My Son is 9 Years old. He plays Cricket
● Equifax: Data is our gold

Real Life Role Based Access (Driving a CDL)
Who Are You
Is Valid License ?
AuthN AuthZ
Identify Restictions
Assign car

RBAC in one-slide
RBAC is set of rules to map allowed operations on set of resources in a namespace (ns1) or cluster

Authorization and RBAC
● Default: Deny ALL
● Contains Subject-Verb-Resource-Namespace

Roles Vs Binding
● Role contains rules that represent a set of permissions.
● Binding grants the permissions deﬁned in a role to a user or set of users
● Two types of roles/bindings:
○ Roles/RoleBinding: Scope is Namespace level
○ ClusterRoles/ClusterRoleBinding : Scope at cluster level.

Binding Example
RoleBinding ClusterRoleBinding

User Management in Kubernetes ?
Expectation:
kubectl create user john
Kubectl create group adminns1
Kubectl add john to adminns1

No User Management in Kubernetes
Expectation:
kubectl create user john
Kubectl create group adminns1
Kubectl add john to adminns1

How to manage user ? User Plugin
● Certiﬁcate based Authentication (x509)
● Token based Authentication
● Basic Authentication
● OAuth2: OIDC
○ Third party: Dex, OpenUnison
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens

Auth0 Authentication
● A OpenID Connect provider similar to
○ Auth0, github, google, Ping, SecureAuth, ADFS, Azure Active Directory
● The authentication ﬂow looks like:
○ OAuth2 client logs a user in through Auth0.
○ That client uses the returned ID Token as a bearer token when talking to the Kubernetes API.
○ A claim designated as the username (and optionally group information) will be associated with that
request.

Demo time
Create RBAC based minikube cluster

Demo time: Conﬁgure Dashboard
● Conﬁguring Secrets kube-dashboard-secrets
● Setup a minikube kubernetes dashboard using : openresty-oidc
○ https://hub.docker.com/r/myobplatform/openresty-oidc/

Demo time: Create RBAC role-bindings
● Create namespaces: ns1-namespace, ns2-namespace
● Deploy Role bindings:
○ ClusterRoleBinding (k8s-admin)
○ RoleBinding (ns1)
○ RoleBinding(ns2)
● Create user in auth0

Useful Links
https://aaronparecki.com/oauth-2-simplified/
https://github.com/dmilan77/kubernetes-rbac-presentation
https://jwt.io/
https://github.com/pvdvreede/kubernetes-auth-presentation/blob/master/PITCHME.md
https://www.youtube.com/watch?v=CnHTCTP8d48&t=1200s

Role based access control - RBAC - Kubernetes

Incredibly powerful and flexible, Kubernetes role-based access control (RBAC) is an essential tool to effectively manage production clusters. Yet many Ops and DevOps engineers are still facing barriers to efficiently use it at scale. These include a steep learning curve, YAML-based configuration, lack of standardized best practices, and the general complexity of this functionality at large -- it truly can be somewhat overwhelming. During this meetup Oleg, CTO at Kublr, will discuss Kubernetes RBAC concepts and objects. He'll explore different use cases ranging from simple permission management for in-cluster application accounts to integrations with external identity providers for SSO and enterprise user access management. Leveraging the Kublr Platform, Oleg will demonstrate how it simplifies the management of access and RBAC rules in a cloud native environment while staying vendor-independent and compatible with any Kubernetes distribution.

Secure your app with keycloakGuy Marom

Kubernetes IntroductionEric Gustafson

Kubernetes is an open-source container cluster manager that was originally developed by Google. It was created as a rewrite of Google's internal Borg system using Go. Kubernetes aims to provide a declarative deployment and management of containerized applications and services. It facilitates both automatic bin packing as well as self-healing of applications. Some key features include horizontal pod autoscaling, load balancing, rolling updates, and application lifecycle management.

User authentication and authorizarion in KubernetesNeependra Khare

This document discusses user authentication and authorization in Kubernetes. It describes how Kubernetes uses external services like Active Directory and LDAP for user authentication. It also explains the different types of users in Kubernetes including normal users, service accounts, and how kubeconfig files are used. The main authorization mechanism in Kubernetes is Role-Based Access Control (RBAC) which uses roles and role bindings to control access to Kubernetes API resources and operations.

Kubernetes #4 volume & stateful setTerry Cho

Kubernetes can manage stateful applications using StatefulSets. StatefulSets ensure each Pod in the StatefulSet gets a persistent unique network identity, stable storage, and ordered deployment and scaling. When a Pod is removed from the StatefulSet through scaling in, its PersistentVolumeClaim and PersistentVolume are retained and not deleted so they can be mounted by new Pods. This allows each Pod's stateful data to persist independently of the Pod's lifetime.

(Draft) Kubernetes - A Comprehensive OverviewBob Killen

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery called pods. Its main components include a master node that manages the cluster and worker nodes that run the applications. It uses labels to organize resources and selectors to group related objects. Common concepts include pods, services for discovery/load balancing, replica controllers for scaling, and namespaces for isolation. It provides mechanisms for configuration, storage, security, and networking out of the box to ensure containers can run reliably and be easily managed at scale.

Kuberneteserialc_w

This document provides an overview of Kubernetes, a container orchestration system. It begins with background on Docker containers and orchestration tools prior to Kubernetes. It then covers key Kubernetes concepts including pods, labels, replication controllers, and services. Pods are the basic deployable unit in Kubernetes, while replication controllers ensure a specified number of pods are running. Services provide discovery and load balancing for pods. The document demonstrates how Kubernetes can be used to scale, upgrade, and rollback deployments through replication controllers and services.

Azure kubernetes service (aks)Akash Agrawal

This document provides an overview of Azure Kubernetes Service (AKS). It begins with introductions to containers and Kubernetes, then describes AKS's architecture and features. AKS allows users to quickly deploy and manage Kubernetes clusters on Azure without having to manage the master nodes. It reduces the operational complexity of running Kubernetes in production. The document outlines how to interact with AKS using the Azure portal, CLI, and ARM templates. It also lists AKS features like identity and access control, scaling, storage integration, and monitoring.

AKSgirish goudar

Introduction to kubernetesRaffaele Di Fazio

Kubernetes 101Crevise Technologies

Kubernetes is an open source container orchestration system that automates the deployment, maintenance, and scaling of containerized applications. It groups related containers into logical units called pods and handles scheduling pods onto nodes in a compute cluster while ensuring their desired state is maintained. Kubernetes uses concepts like labels and pods to organize containers that make up an application for easy management and discovery.

Scaling DevSecOps Culture for EnterpriseOpsta

We already seen the important and start to transform our organization to DevSecOps Culture to prepare response for quickly change in business. This session will explain how you can scale DevSecOps on Enterprise Organization from pilot team and project to org-wide adoption with 5 techniques. Youtube Recorded: https://youtu.be/7s-evWxFSIQ TechTalkThai Conference 2021: Enterprise Software Development on July 16, 2021

stupid-simple-kubernetes-final.pdfDaniloQueirozMota

In the era of Microservices, Cloud Computing and Serverless architecture, it’s useful to understand Kubernetes and learn how to use it. However, the official Kubernetes documentation can be hard to decipher, especially for newcomers. In this book, I will present a simplified view of Kubernetes and give examples of how to use it for deploying microservices using different cloud providers, including Azure, Amazon, Google Cloud and even IBM.

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!

** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification ** This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session: 1. What is Kubernetes 2. Features of Kubernetes 3. Kubernetes Architecture and Its Components 4. Components of Master Node and Worker Node 5. ETCD 6. Network Setup Requirements DevOps Tutorial Blog Series: https://goo.gl/P0zAfF

Kubernetes #1 introTerry Cho

Kubernetes is an open-source container management platform. It has a master-node architecture with control plane components like the API server on the master and node components like kubelet and kube-proxy on nodes. Kubernetes uses pods as the basic building block, which can contain one or more containers. Services provide discovery and load balancing for pods. Deployments manage pods and replicasets and provide declarative updates. Key concepts include volumes for persistent storage, namespaces for tenant isolation, labels for object tagging, and selector matching.

Securing and Automating Kubernetes with KyvernoSaim Safder

Kyverno is a CNCF Sandbox Project Created by Nirmata. Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline. In this session Shuting Zhao and Jim Bugwadia, both of whom are Kyverno maintainers will provide an overview of Kyverno and describe how you can get started with using it.

Microservices Integration Patterns with KafkaKasun Indrasiri

Microservice composition or integration is probably the hardest thing in microservices architecture. Unlike conventional centralized ESB based integration, we need to leverage the smart-endpoints and dumb pipes terminology when it comes to integrating microservices. There two main microservices integration patterns; service orchestration (active integrations) and service choreography (reactive integration). In this talk, we will explore on, Microservice Orchestration, Microservice Choreography, Event Sourcing, CQRS and how Kafka can be leveraged to implement microservices composition

Efficient Kubernetes scaling using KarpenterMarko Bevc

Kubernetes doesn’t come with a built-in node autoscaling out of the box and as many other things it leaves it to the platform team to implement the appropriate strategy. Efficient node autoscaling is essential for ensuring that Kubernetes clusters can handle dynamic workloads and environments. In this talk, I will cover how Karpenter (an open-source node provisioning project) can be used to automate and manage Kubernetes nodes lifecycle by trying to make smarter decisions when it comes to right sizing your compute. It should result in improved resource utilization, reduced costs, and the ability to quickly and easily scale up or down based on workload demands compared to similar battle tested solutions. So does this really addresses all the scaling problems, what are still the gaps and how does it work in practice? I’ll also run a live demo to show how to use it and what to expect.

Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Fwdays

The focus of the interactive demonstration includes: - Designing infrastructure for services in GCP and an on-premise data center - Setup of environments using Google Kubernetes Engine and GKE On-Prem - Configuration of Istio on GKE and launch of the demo application - A demonstration of A/B testing with a vote for the final production design of the hybrid cross-environment application. Target audience: CTOs, Architects, DevOps/System administrators.

A quick introduction to AKSAlessandro Melchiori

Kubernetes: An Introduction to the Open Source Container Orchestration PlatformMichael O'Sullivan

Originally designed by Google, Kubernetes is now an open-source platform that is used for managing applications deployed as containers across multiple hosts - now hosted under the Cloud Native Computing Foundation. It provides features for automating deployment, scaling, and maintaining these applications. Hosts are organised into clusters, and applications are deployed into these clusters as containers. Kubernetes is compatible with several container engines, notably Docker. The popularity of Kubernetes continues to increase as a result of the feature-rich tooling when compared to use of a container-engine alone, and a number of Cloud-based hosted solutions are now available, such as Google Kubernetes Engine, Amazon Elastic Container Service for Kubernetes, and IBM Cloud Container Service. This talk will provide an introduction to the Kubernetes platform, and a detailed view of the platform architecture from both the Control Plane and Worker-node perspectives. A walk-through demonstration will also be provided. Furthermore, two additional tools that support Kubernetes will be presented and demonstrated - Helm: a package manager solution which enables easy deployment of pre-built Kubernetes software using Helm Charts, and Istio: a platform in development that aims to simplify the management of micro-services deployed on the Kubernetes platform. Speaker Bio: Dr. Michael J. O'Sullivan is a Software Engineer working as part of the Cloud Foundation Services team for IBM Cloud Dedicated, in the IBM Cloud division in Cork. Michael has worked on both Delivery Pipeline/Deployment Automation and Performance Testing teams, which has resulted in daily exposure to customer deployments of IBM Cloud services such as the IBM Cloud Containers Service, and the IBM Cloud Logging and Metrics Services. Michael has also worked on deployment of these services to OpenStack and VMware platforms. Michael holds a PhD in Computer Science from University College Cork (2012 - 2015), where, under the supervision of Dr. Dan Grigoras, engaged in research of Mobile Cloud Computing (MCC) - specifically, studying and implementing solutions for delivering seamless user experiences of MCC applications and services. Prior to this, Michael graduated with a 1st Class Honours Degree in Computer Science from University College Cork in 2012.

Kubernetes Secrets Management on Production with DemoOpsta

Keycloak SSO basicsJuan Vicente Herrera Ruiz de Alejo

Kubernetes for Beginners: An Introductory GuideBytemark

Kubernetes is an open-source tool for managing containerized workloads and services. It allows for deploying, maintaining, and scaling applications across clusters of servers. Kubernetes operates at the container level to automate tasks like deployment, availability, and load balancing. It uses a master-slave architecture with a master node controlling multiple worker nodes that host application pods, which are groups of containers that share resources. Kubernetes provides benefits like self-healing, high availability, simplified maintenance, and automatic scaling of containerized applications.

AnthosMeena Sambamurthy

Kubernetes - introductionSparkbit

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It coordinates activities across a cluster of machines by defining basic building blocks like pods (which contain containers), replication controllers (which ensure a specified number of pods are running), and services (which define logical groups of pods). Kubernetes provides tools for running applications locally on a single node as well as managing resources in the cluster, including creating, deleting, viewing, and updating resources from configuration files.

Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!

** Edureka DevOps Training : https://www.edureka.co/devops ** This Edureka Video on Docker vs VM (Virtual Machine) video compares the Major Differences between Docker and VM. Below are the topics covered in the video: 1. What is Virtual Machine? 2. Benefits of Virtual Machine 3. What are Docker Containers 4. Benefits of Docker Containers 5. Docker vs VM – Main Differences 6. Use Case Check our complete DevOps playlist here (includes all the videos mentioned in the video): http://goo.gl/O2vo13 Follow us to never miss an update in the future. Instagram: https://www.instagram.com/edureka_learning/ Facebook: https://www.facebook.com/edurekaIN/ Twitter: https://twitter.com/edurekain LinkedIn: https://www.linkedin.com/company/edureka

Building secure applications with keycloak Abhishek Koserwal

Introduction to kubernetesRishabh Indoria

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery called Pods. ReplicaSets ensure that a specified number of pod replicas are running at any given time. Key components include Pods, Services for enabling network access to applications, and Deployments to update Pods and manage releases.

RBAC in KuberetesKnoldus Inc.

More Related Content

What's hot (20)

AKSgirish goudar

Introduction to kubernetesRaffaele Di Fazio

Kubernetes 101Crevise Technologies

Scaling DevSecOps Culture for EnterpriseOpsta

stupid-simple-kubernetes-final.pdfDaniloQueirozMota

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!

Kubernetes #1 introTerry Cho

Securing and Automating Kubernetes with KyvernoSaim Safder

Microservices Integration Patterns with KafkaKasun Indrasiri

Efficient Kubernetes scaling using KarpenterMarko Bevc

Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Fwdays

A quick introduction to AKSAlessandro Melchiori

Kubernetes: An Introduction to the Open Source Container Orchestration PlatformMichael O'Sullivan

Kubernetes Secrets Management on Production with DemoOpsta

Keycloak SSO basicsJuan Vicente Herrera Ruiz de Alejo

Kubernetes for Beginners: An Introductory GuideBytemark

AnthosMeena Sambamurthy

Kubernetes - introductionSparkbit

Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!

Building secure applications with keycloak Abhishek Koserwal

AKSgirish goudar

Introduction to kubernetesRaffaele Di Fazio

Kubernetes 101Crevise Technologies

Scaling DevSecOps Culture for EnterpriseOpsta

stupid-simple-kubernetes-final.pdfDaniloQueirozMota

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!

Kubernetes #1 introTerry Cho

Securing and Automating Kubernetes with KyvernoSaim Safder

Microservices Integration Patterns with KafkaKasun Indrasiri

Efficient Kubernetes scaling using KarpenterMarko Bevc

Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to s...Fwdays

A quick introduction to AKSAlessandro Melchiori

Kubernetes: An Introduction to the Open Source Container Orchestration PlatformMichael O'Sullivan

Kubernetes Secrets Management on Production with DemoOpsta

Keycloak SSO basicsJuan Vicente Herrera Ruiz de Alejo

Kubernetes for Beginners: An Introductory GuideBytemark

AnthosMeena Sambamurthy

Kubernetes - introductionSparkbit

Docker vs VM | | Containerization or Virtualization - The Differences | DevOp...Edureka!

Building secure applications with keycloak Abhishek Koserwal

Similar to Role based access control - RBAC - Kubernetes (20)

Introduction to kubernetesRishabh Indoria

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery called Pods. ReplicaSets ensure that a specified number of pod replicas are running at any given time. Key components include Pods, Services for enabling network access to applications, and Deployments to update Pods and manage releases.

RBAC in KuberetesKnoldus Inc.

Hardening Kubernetes ClusterKnoldus Inc.

Containers deployments in Kubernetes clusters create both familiar and new security challenges. Given the ephemeral nature of containers, the speed and agility goals of microservices architecture, a preliminary detection of potential risks, and early discovery of viable threats yield the best security outcomes. Successfully addressing the Kubernetes security challenges requires integrating security into each phase of the container lifecycle: build, deploy, and run. This webinar will throw light on how to: * Stay on top of ongoing Kubernetes hygiene by hardening your nodes, employing best practices * Implement role-based access control of users * Manage Kubernetes Secrets * Thwart an attack, with a live demo

Microservices with containers in the cloudEugene Fedorenko

This document provides an overview of developing, building, deploying, and running microservices using containers in the cloud. It discusses microservices and containers, how to build Docker containers, deploy containers to Kubernetes clusters in the cloud (OKE, AKS, GKE), and build, deploy and test using serverless functions. It provides examples of defining microservices as Kubernetes applications, configuring pods, services, ingress, and automating builds and deployments. Serverless platforms like AWS Lambda, Azure Functions, OpenWhisk, Fn are also briefly introduced.

ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...AWS User Group Kochi

Kubernetes security with AWSKasun Madura Rathnayaka

This document provides an overview of Kasun Madura Rathnayaka and his experience with Kubernetes and AWS. It then lists 10 best practices for securing Kubernetes clusters deployed on AWS: 1) Update Kubernetes to the latest stable version, 2) Harden node security, 3) Secure cloud metadata access, 4) Enable role-based access control, 5) Secure Tiller or Helm 3, 6) Secure container image and registry usage, 7) Assess container privileges, 8) Implement auditing and alerts, 9) Consider deployment and runtime security, and 10) Properly manage credentials and secrets. Specific techniques are provided for implementing each best practice.

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga

Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss: - the Kubernetes security landscape - risks, security models, and configuration best-practices - how to configure users and applications with least-privilege - how to isolate and segregate workloads and networks - hard and soft multi-tenancy - Continuous Security approaches to Kubernetes.

Getting started with google kubernetes engineShreya Pohekar

This document provides an overview of Google Kubernetes Engine. It begins with introductions and defines key concepts like virtualization, containerization, Docker, and Kubernetes. It then explains what Kubernetes is and how it can orchestrate container infrastructure on-premises or in the cloud. Various Kubernetes architecture elements are outlined like pods, replica sets, deployments, and services. Security features are also summarized, including pod security policies, network policies, and using security contexts. The document concludes with a demonstration of Kubernetes Engine.

Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesThomas Barlow

Kubernetes basics information along with stateful session infoKapildev292285

Kubernetes 101 for_penetration_testers_-_null_mumbain|u - The Open Security Community

This document provides an overview of Kubernetes and attacking Kubernetes clusters for penetration testers. It begins with introductions to containers, Kubernetes, and setting up a local Kubernetes cluster. It then covers a threat model for Kubernetes and describes an attacker's workflow against a cluster, including discovery, vulnerability testing, exploitation, and persistence. Specific attacks demonstrated include API server authorization testing, discovering exposed etcd and internal services, container escapes, and Helm Tiller privilege escalation. Resources for further learning are also provided.

Security considerations while deploying Containerized Applications by Neepend...Agile India

This document discusses various security considerations for containerized applications running on Kubernetes, including: - Scanning container images for vulnerabilities during the build process and signing images. - Ensuring container images are minimal in size by using smaller base images like Alpine Linux, running as a non-root user, and mounting the filesystem read-only. - Implementing role-based access control (RBAC) in Kubernetes using roles and role bindings to control access at the namespace and cluster level. - Auditing Kubernetes API access for security and compliance purposes. - Managing secrets securely using Kubernetes secrets rather than environment variables or volumes.

Kubernetes at (Organizational) ScaleJeff Zellner

This document summarizes a talk about Kubernetes at scale at DigitalOcean. It discusses how DigitalOcean initially used Kubernetes internally through a proprietary platform called DOCC, but has since opened access to Kubernetes and now manages it at a large scale across 20+ clusters. Key points include how they have transitioned to bare metal clusters for better performance and manage configuration of all clusters through a custom tool called Jackrackham.

Kubernetes - how to orchestrate containersinovex GmbH

Getting started with kubernetesBob Killen

Intro to kubernetesFaculty of Technical Sciences, University of Novi Sad

Production ready tooling for microservices on kubernetesChandresh Pancholi

This document provides an overview of various production-ready tools for building and managing microservices on Kubernetes, including tools for service discovery, request routing and load balancing, monitoring and visualization, configuration management, security, centralized logging, package management, and more. It discusses common tools like Prometheus, Kubernetes Ingress, ConfigMaps, and Istio, and also introduces tools like Kubeless, Kubewatch, and Kube-monkey.

Connect + Docker + AWS = Bitbucket PipelinesAtlassian

Nathan Burrell from Atlassian discusses how Connect, AWS, and Docker can be used together with Bitbucket Pipelines. Connect provides an integration point for third party services with Atlassian products. AWS is used to host and run microservices. Docker is utilized for containerization of services both locally during development and in production on AWS. The talk covers Connect descriptors, permissions, iFrames, and webhooks for integrating with Atlassian products, as well as how microservices are structured and interact with each other when run on AWS using services like DynamoDB, ECS, and SQS. Kubernetes is also mentioned for container management at scale. Security best practices when using Docker and Kubernetes in production are briefly discussed

网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...Xiaohui Chen

This document summarizes best practices for managing Kubernetes clusters and deploying containerized applications on Netease Cloud. It discusses implementing container networking in VPC, using cloud disks for storage, automating cluster creation, managing nodes, exposing services via ingress, extending ingress controllers, developing deployment pipelines with Helm, and managing application environments with operators. Overall principles and resources are also provided.

Kubernetes workshop -_the_basicsSjuul Janssen

This document provides an agenda and overview for a webinar on Kubernetes. The agenda includes an introduction to Kabisa, an introduction to Kubernetes concepts, and a hands-on Kubernetes workshop. Kabisa is introduced as a software development agency specialized in custom web and mobile app development with over 14 years of experience. Key Kubernetes concepts are then summarized, including clusters, nodes, pods, namespaces, replica sets, load balancers, and deployments. Finally, the hands-on workshop is outlined which will have participants claim a Kubernetes cluster and complete tasks like creating pods, services, and using deployments, environment variables, secrets, and config maps.

Introduction to kubernetesRishabh Indoria

RBAC in KuberetesKnoldus Inc.

Hardening Kubernetes ClusterKnoldus Inc.

Microservices with containers in the cloudEugene Fedorenko

ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...AWS User Group Kochi

Kubernetes security with AWSKasun Madura Rathnayaka

DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security DevOpsDays Riga

Getting started with google kubernetes engineShreya Pohekar

Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesThomas Barlow

Kubernetes basics information along with stateful session infoKapildev292285

Kubernetes 101 for_penetration_testers_-_null_mumbain|u - The Open Security Community

Security considerations while deploying Containerized Applications by Neepend...Agile India

Kubernetes at (Organizational) ScaleJeff Zellner

Kubernetes - how to orchestrate containersinovex GmbH

Getting started with kubernetesBob Killen

Intro to kubernetesFaculty of Technical Sciences, University of Novi Sad

Production ready tooling for microservices on kubernetesChandresh Pancholi

Connect + Docker + AWS = Bitbucket PipelinesAtlassian

网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...Xiaohui Chen

Kubernetes workshop -_the_basicsSjuul Janssen

Recently uploaded (20)

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

Quantum Computing Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

Procurement Insights Cost To Value Guide.pptxJon Hansen

Cyber Awareness overview for 2025 month of securityriccardosl1

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, presentation slides, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

How Can I use the AI Hype in my Business Context?Daniel Lehner

𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨? Everyone’s talking about AI but is anyone really using it to create real value? Most companies want to leverage AI. Few know 𝗵𝗼𝘄. ✅ What exactly should you ask to find real AI opportunities? ✅ Which AI techniques actually fit your business? ✅ Is your data even ready for AI? If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

AI and Data Privacy in 2025: Global TrendsInData Labs

In this infographic, we explore how businesses can implement effective governance frameworks to address AI data privacy. Understanding it is crucial for developing effective strategies that ensure compliance, safeguard customer trust, and leverage AI responsibly. Equip yourself with insights that can drive informed decision-making and position your organization for success in the future of data privacy. This infographic contains: -AI and data privacy: Key findings -Statistics on AI data privacy in the today’s world -Tips on how to overcome data privacy challenges -Benefits of AI data security investments. Keep up-to-date on how AI is reshaping privacy standards and what this entails for both individuals and organizations.

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The MCP (Model Context Protocol) is a framework designed to manage context and interaction within complex systems. This SlideShare presentation will provide a detailed overview of the MCP Model, its applications, and how it plays a crucial role in improving communication and decision-making in distributed systems. We will explore the key concepts behind the protocol, including the importance of context, data management, and how this model enhances system adaptability and responsiveness. Ideal for software developers, system architects, and IT professionals, this presentation will offer valuable insights into how the MCP Model can streamline workflows, improve efficiency, and create more intuitive systems for a wide range of use cases.

Drupalcamp Finland – Measuring Front-end Energy ConsumptionExove

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

This session is designed to equip developers with the skills needed to build mission-critical, end-to-end processes that seamlessly orchestrate agents, people, and robots. 📕 Here's what you can expect: - Modeling: Build end-to-end processes using BPMN. - Implementing: Integrate agentic tasks, RPA, APIs, and advanced decisioning into processes. - Operating: Control process instances with rewind, replay, pause, and stop functions. - Monitoring: Use dashboards and embedded analytics for real-time insights into process instances. This webinar is a must-attend for developers looking to enhance their agentic automation skills and orchestrate robust, mission-critical processes. 👨‍🏫 Speaker: Andrei Vintila, Principal Product Manager @UiPath This session streamed live on April 29, 2025, 16:00 CET. Check out all our upcoming Dev Dives sessions at https://community.uipath.com/dev-dives-automation-developer-2025/.

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, transcript, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

ThousandEyes Partner Innovation Updates for May 2025ThousandEyes

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

Quantum Computing Quick Research Guide by Arthur MorganArthur Morgan

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Procurement Insights Cost To Value Guide.pptxJon Hansen

Cyber Awareness overview for 2025 month of securityriccardosl1

Mobile App Development Company in Saudi ArabiaSteve Jonas

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

How Can I use the AI Hype in my Business Context?Daniel Lehner

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

AI and Data Privacy in 2025: Global TrendsInData Labs

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

Drupalcamp Finland – Measuring Front-end Energy ConsumptionExove

How analogue intelligence complements AIPaul Rowe

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Role based access control - RBAC - Kubernetes

1. Kubernetes Role Based Access Control (RBAC) RBAC

2. About Me Milan Das https://github.com/dmilan77/kubernetes-rbac-presentation Cloud Solution Architect (Equifax) & Photographer (when not working) https://www.linkedin.com/in/milandas/

3. Milan Das ● Love to code (Java, Python, Scala, Spark) ● My Journey ○ Started with Java ○ IBM Middleware MQ/ETL ○ Camel ESB ○ BPM ○ Bigdata ○ Reactive Microservices : Akka, Domain Driven Design, ○ Cloud & Kubernetes ● My Son is 9 Years old. He plays Cricket ● Equifax: Data is our gold

4. Real Life Role Based Access (Driving a CDL) Who Are You Is Valid License ? AuthN AuthZ Identify Restictions Assign car

5. RBAC in one-slide RBAC is set of rules to map allowed operations on set of resources in a namespace (ns1) or cluster

6. Authorization and RBAC ● Default: Deny ALL ● Contains Subject-Verb-Resource-Namespace

7. Roles Vs Binding ● Role contains rules that represent a set of permissions. ● Binding grants the permissions deﬁned in a role to a user or set of users ● Two types of roles/bindings: ○ Roles/RoleBinding: Scope is Namespace level ○ ClusterRoles/ClusterRoleBinding : Scope at cluster level.

8. Roles Example Roles Cluster Roles

9. Binding Example RoleBinding ClusterRoleBinding

10. User Management in Kubernetes ? Expectation: kubectl create user john Kubectl create group adminns1 Kubectl add john to adminns1

11. No User Management in Kubernetes Expectation: kubectl create user john Kubectl create group adminns1 Kubectl add john to adminns1

12. How to manage user ? User Plugin ● Certiﬁcate based Authentication (x509) ● Token based Authentication ● Basic Authentication ● OAuth2: OIDC ○ Third party: Dex, OpenUnison https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens

13. How OIDC works

14. JWT Token

15. Auth0 Authentication ● A OpenID Connect provider similar to ○ Auth0, github, google, Ping, SecureAuth, ADFS, Azure Active Directory ● The authentication ﬂow looks like: ○ OAuth2 client logs a user in through Auth0. ○ That client uses the returned ID Token as a bearer token when talking to the Kubernetes API. ○ A claim designated as the username (and optionally group information) will be associated with that request.

16. Demo time Create RBAC based minikube cluster

17. Demo time: Conﬁgure Dashboard ● Conﬁguring Secrets kube-dashboard-secrets ● Setup a minikube kubernetes dashboard using : openresty-oidc ○ https://hub.docker.com/r/myobplatform/openresty-oidc/

18. Demo time: Create RBAC role-bindings ● Create namespaces: ns1-namespace, ns2-namespace ● Deploy Role bindings: ○ ClusterRoleBinding (k8s-admin) ○ RoleBinding (ns1) ○ RoleBinding(ns2) ● Create user in auth0

19. Auth0 Extension

20. RBAC basd Kubernetes dashboard

21. Useful Links https://aaronparecki.com/oauth-2-simplified/ https://github.com/dmilan77/kubernetes-rbac-presentation https://jwt.io/ https://github.com/pvdvreede/kubernetes-auth-presentation/blob/master/PITCHME.md https://www.youtube.com/watch?v=CnHTCTP8d48&t=1200s

Role based access control - RBAC - Kubernetes

Recommended

More Related Content

What's hot (20)

Similar to Role based access control - RBAC - Kubernetes (20)

Recently uploaded (20)

Role based access control - RBAC - Kubernetes