Kubernetes RBAC
Tricks and Caveats
Nicholas Dille, Haufe Group
DevOps Meetup
Summary
- RBAC is well documented in the ecosystem
- Little-known verbs are a risk
- Impersonation can improve security
- Service account tokens must be managed
- Policy management - e.g. Kyverno - to the rescue
Upcoming events
2024-11-07 - heise Academy Workshop GitLab Ops
2024-11-13 - ContainerConf hopefully
2024-11-21 - heise Academy Workshop GitLab CI