#Kubernetes tutorial for beginners | K8s Service Accounts| k8s RBAC | k8s Cluster Roles | SSL in K8s

The SkillPedia
2.7K views - 3 years ago - #Kubernetes tutorial
#Kubernetes tutorial for beginners | kubernetes Service Accounts | k8s RBAC | k8s Roles and Cluster Roles | Using SSL in K8s
Using SSL in K8s
RBAC
Roles & Cluster Roles
Role Bindings & Cluster Role Bindings
Service Accounts
Trusting TLS in a Cluster
Kubernetes provides a certificates.k8s.io API, which lets you provision TLS certificates signed by a Certificate Authority (CA) that you control.
This CA and its certificates can be used by your workloads to establish trust.
Trusting the custom CA from an application running as a pod usually requires some extra application configuration.
You will need to add the CA certificate bundle to the list of CA certificates that the TLS client or server trusts.
For example, you would do this with a golang TLS config by parsing the certificate chain and adding the parsed certificates to the RootCAs field in the tls.Config struct.
You can distribute the CA certificate as a ConfigMap that your pods have access to.
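The Go program below is an added example, not code from the video or its author. It parses a CA bundle into the RootCAs field of a tls.Config and checks a server certificate against it the way the TLS client would. The function names, the service name svc.demo.svc and the CA generated in-process (standing in for the ConfigMap-mounted bundle) are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// trustBundle returns a client tls.Config trusting only the CAs in a PEM bundle (e.g. a ConfigMap file).
func trustBundle(bundle []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool() // starts empty: system roots are not included
	if !pool.AppendCertsFromPEM(bundle) {
		return nil, fmt.Errorf("CA bundle contains no parsable certificate")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// verifyServer checks leaf as the TLS client will: chain to RootCAs, match ServerName.
func verifyServer(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

// constructedPKI returns a throwaway CA (PEM) and a server cert it signed. Test data only.
func constructedPKI(name string) ([]byte, *x509.Certificate) {
	now, end := time.Now(), time.Now().Add(time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: now, NotAfter: end, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{name}, NotBefore: now, NotAfter: end}
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, _, _ := ed25519.GenerateKey(rand.Reader)
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	cert, _ := x509.ParseCertificate(leafDER)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER}), cert
}

func main() {
	caPEM, leaf := constructedPKI("svc.demo.svc")
	if cfg, err := trustBundle(caPEM, "svc.demo.svc"); err == nil {
		fmt.Println("verification error:", verifyServer(cfg, leaf))
	}
}
```

Because RootCAs is set to a pool built only from the bundle, a certificate issued by any other CA, or one presented for a different server name, fails verification.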
Implementing RBAC in K8s
In Kubernetes, ClusterRoles and Roles define the actions a user can perform within a cluster or namespace, respectively. You can assign these roles to Kubernetes subjects (users, groups, or service accounts) with role bindings and cluster role bindings. Kubernetes allows you to configure custom roles or use default user-facing roles, including:
Cluster-admin: This “superuser” can perform any action on any resource in a cluster. You can use this in a ClusterRoleBinding to grant full control over every resource in the cluster or in a RoleBinding to grant full control over every resource in the respective namespace.
Admin: This role permits unlimited read/write access to resources within a namespace. This role can create roles and role bindings within a particular namespace. It does not permit write access to the namespace itself.
Edit: This role grants read/write access within a given Kubernetes namespace. It cannot view or modify roles or role bindings.
View: This role allows read-only access within a given namespace. It does not allow viewing or modifying of roles or role bindings.
Adding Service Account Auth Token to Kubeconfig
A service account has an associated authentication token, which is stored as a Kubernetes secret. You bind the service account with a ClusterRoleBinding that has cluster administration permissions. You can then add the service account and its authentication token as a user definition in the kubeconfig file itself.
To learn the latest technology online, visit https://www.skillpedia.co
Published 3 years ago, on 1400/08/19.