Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-on Kubernetes on Azure, Third Edition

You're reading from   Hands-on Kubernetes on Azure, Third Edition Use Azure Kubernetes Service to automate management, scaling, and deployment of containerized applications

Arrow left icon
Product type Paperback
Published in May 2021
Publisher Packt
ISBN-13 9781801079945
Length 528 pages
Edition 3rd Edition
Languages
Tools
Arrow right icon
Authors (3):
Arrow left icon
Gunther Lenz Gunther Lenz
Author Profile Icon Gunther Lenz
Gunther Lenz
Nills Franssens Nills Franssens
Author Profile Icon Nills Franssens
Nills Franssens
Shivakumar Gopalakrishnan Shivakumar Gopalakrishnan
Author Profile Icon Shivakumar Gopalakrishnan
Shivakumar Gopalakrishnan
Arrow right icon
View More author details
Toc

Table of Contents (22) Chapters Close

Preface Foreword
Section 1: The Basics FREE CHAPTER
1. Introduction to containers and Kubernetes 2. Getting started with Azure Kubernetes Service Section 2: Deploying on AKS
3. Application deployment on AKS 4. Building scalable applications 5. Handling common failures in AKS 6. Securing your application with HTTPS 7. Monitoring the AKS cluster and the application Section 3: Securing your AKS cluster and workloads
8. Role-based access control in AKS 9. Azure Active Directory pod‑managed identities in AKS 10. Storing secrets in AKS 11. Network security in AKS Section 4: Integrating with Azure managed services
12. Connecting an application to an Azure database 13. Azure Security Center for Kubernetes 14. Serverless functions 15. Continuous integration and continuous deployment for AKS Index

Configuring RBAC in AKS

To demonstrate RBAC in AKS, you will create two namespaces and deploy the Azure voting application in each namespace. You will give the group cluster-wide read-only access to pods, and you will give the user the ability to delete pods in only one namespace. Practically, you will need to create the following objects in Kubernetes:

  • ClusterRole to give read-only access
  • ClusterRoleBinding to grant the group access to this role
  • Role to give delete permissions in the delete-access namespace
  • RoleBinding to grant the user access to this role
A flowchart showing the demo you’ll be building. A user is part of a group. The group has a clusterrole to read pods. The user has an additional namespace scoped role allowing them to delete pods

Figure 8.17: The group getting read-only access to the whole cluster, and the user getting delete permissions to the delete-access namespace

Let's set up the different roles on your cluster:

  1. To start our example, you will need to retrieve the ID of the group. The following commands will retrieve the group ID:
    az ad group show -g 'handson aks users' \
     ...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image