RBAC In Kubernetes: Roles, Service Accounts, And Permissions
RBAC explained in 250 characters: Service Account is like an identity card, Role defines permissions, RoleBinding grants access to resources. Use `kubectl auth can-i` for quick verification of permissions.
RBAC

1. Metaphor

Service Account (SA): "Cheedge" is a worker (identity card).
Role/ClusterRole: "Read-Only access to check each bank safe box" (permissions/authorization).
RoleBinding/ClusterRoleBinding: The contract that grants this guy permission to access the bank safe box.

So, according to the above, this guy can access the bank safe box every day, but Read-Only...

2. Define and Use it

Now that the basic meaning of these concepts is clear, let's look at a simple example that controls create, delete, get, and list operations on cm (ConfigMaps) in the pod:

Scenario: Grant a service account...
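The three objects from the metaphor, wired together for the ConfigMap verbs named above and attached to a pod. This is an added example, not the original post's manifests; the namespace `rbac-demo`, the names `cm-sa`, `cm-manager`, `cm-manager-binding` and `cm-client`, and the container image are assumptions.

```yaml
# Added example. All names are assumptions; namespace rbac-demo must already exist.
apiVersion: v1
kind: ServiceAccount            # the "identity card"
metadata:
  name: cm-sa
  namespace: rbac-demo
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # the permissions, scoped to one namespace
metadata:
  name: cm-manager
  namespace: rbac-demo
rules:
  - apiGroups: [""]             # ConfigMaps live in the core ("") API group
    resources: ["configmaps"]
    verbs: ["get", "list", "create", "delete"]   # no update/patch/watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding               # the "contract" tying identity to permissions
metadata:
  name: cm-manager-binding
  namespace: rbac-demo
subjects:
  - kind: ServiceAccount
    name: cm-sa
    namespace: rbac-demo
roleRef:                        # immutable once created; recreate the binding to change it
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cm-manager
---
apiVersion: v1
kind: Pod
metadata:
  name: cm-client
  namespace: rbac-demo
spec:
  serviceAccountName: cm-sa     # the pod's API requests are made as this identity
  containers:
    - name: main
      image: busybox:1.36       # assumed image, only keeps the pod running
      command: ["sleep", "3600"]
# Verify by impersonating the service account (needs impersonation rights):
#   kubectl auth can-i list configmaps -n rbac-demo --as=system:serviceaccount:rbac-demo:cm-sa
#   kubectl auth can-i update configmaps -n rbac-demo --as=system:serviceaccount:rbac-demo:cm-sa
#   kubectl auth can-i get secrets -n rbac-demo --as=system:serviceaccount:rbac-demo:cm-sa
```

Apply the file with `kubectl apply -f` and run the commented checks; the verbs and resources the Role does not list, such as `update` or `secrets`, are the negative cases worth confirming alongside the granted ones.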