Impersonation using RBAC

(Cluster)Roles can allow impersonation

Perform actions in the context of a second ServiceAccount

Delegation of Namespaces

- Useful for one cluster used by many teams
- Read-only user per namespace
- Impersonation to admin per namespace

Protection from mistakes

- Useful for one cluster used by a single team
- Cluster-wide read-only user
- Impersonation to admin per namespace


Demo: Impersonation

Demonstrates delegation of a namespace

- Namespace: test
- Read-only user: test-reader
- Admin user: test-admin

Usage:

    # kubectl run requires a pod name; "test-shell" is an arbitrary placeholder.
    kubectl \
        --namespace test \
        --as=test-admin \
        run test-shell -it --image=alpine --command \
        -- \
        sh
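
The demo setup described above could be expressed with RBAC objects like the following. This is an added example, not the manifests from the original demo: it assumes test-reader and test-admin are User subjects (matching `--as=test-admin`), relies on the built-in `view` and `admin` ClusterRoles, and all object names are made up for illustration.

```yaml
# test-reader: read-only inside namespace test (built-in ClusterRole "view").
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: test-reader-view, namespace: test}
subjects:
- kind: User
  name: test-reader
  apiGroup: rbac.authorization.k8s.io
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: view}
---
# test-admin: admin rights, but only inside namespace test.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: test-admin-admin, namespace: test}
subjects:
- kind: User
  name: test-admin
  apiGroup: rbac.authorization.k8s.io
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: admin}
---
# Impersonation targets (users) are not namespaced, so the permission must be
# a ClusterRole. resourceNames pins it to test-admin; without it, the holder
# could impersonate any user, including cluster administrators.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: impersonate-test-admin}
rules:
- apiGroups: [""]
  resources: ["users"]
  verbs: ["impersonate"]
  resourceNames: ["test-admin"]
---
# Only test-reader may switch to test-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: test-reader-impersonate-test-admin}
subjects:
- kind: User
  name: test-reader
  apiGroup: rbac.authorization.k8s.io
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: impersonate-test-admin}
```

With these applied, `kubectl auth can-i create pods --namespace test` run as test-reader answers no, and the same query with `--as=test-admin` answers yes. Impersonated requests are recorded in the API server audit log with both the original and the impersonated user, which makes each switch to admin traceable.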