Kubernetes RBAC

Tricks and Caveats

Nicholas Dille, Haufe Group

DevOps Meetup

Summary

  • RBAC is well documented in the ecosystem
  • Little-known verbs are a risk
  • Impersonation can improve security
  • Service account tokens must be managed
  • Policy management (e.g. Kyverno) to the rescue

Upcoming events

2024-11-07 - heise Academy Workshop GitLab Ops

2024-11-13 - ContainerConf hopefully

2024-11-21 - heise Academy Workshop GitLab CI