Impersonation using RBAC

Impersonation using RBAC

Perform actions in the context of another ServiceAccount

Delegation of Namespaces

Useful for one cluster used by many teams

Read-only user per namespace

Impersonation to admin per namespace

Protection from mistakes

Useful for cluster-wide administrator

Cluster-wide read-only user

Impersonation to admin per namespace


Demo: Impersonation

Demonstrates delegation of a namespace

Namespace test

Read-only user test-reader

Admin user test-admin

Usage:

bash [3] kubectl \ --namespace test \ --as=test-admin \ run -it --image=alpine --command \ -- \ sh