You're reading from Kubernetes and Docker - An Enterprise Guide Effectively containerize applications, integrate enterprise systems, and scale applications in your enterprise

Product type Paperback

Published in Nov 2020

Publisher Packt

ISBN-13 9781839213403

Length 526 pages

Edition 1st Edition

Tools

Docker

Concepts

Cloud Computing

Authors (2):

Marc Boorshtein

Scott Surovich

View More author details

Table of Contents (20) Chapters

Preface

1. Section 1: Docker and Container Fundamentals

2. Chapter 1: Docker and Container Essentials FREE CHAPTER

3. Chapter 2: Working with Docker Data

4. Chapter 3: Understanding Docker Networking

5. Section 2: Creating Kubernetes Development Clusters, Understanding objects, and Exposing Services

6. Chapter 4: Deploying Kubernetes Using KinD

7. Chapter 5: Kubernetes Bootcamp

8. Chapter 6: Services, Load Balancing, and External DNS

9. Section 3: Running Kubernetes in the Enterprise

10. Chapter 7: Integrating Authentication into Your Cluster

11. Chapter 8: RBAC Policies and Auditing

12. Chapter 9: Deploying a Secured Kubernetes Dashboard

13. Chapter 10: Creating PodSecurityPolicies

14. Chapter 11: Extending Security Using Open Policy Agent

15. Chapter 12: Auditing using Falco and EFK

16. Chapter 13: Backing Up Workloads

17. Chapter 14: Provisioning a Platform

18. Assessments

19. Other Books You May Enjoy

Leave a review - let other readers know what you think

Using audit2rbac to debug policies

There is a tool called audit2rbac that can reverse engineer errors in the audit log into RBAC policy objects. In this section, we'll use this tool to generate an RBAC policy after discovering that one of our users can't perform an action they need to be able to do. This is a typical RBAC debugging process and learning how to use this tool can save you hours trying to isolate RBAC issues:

In the previous chapter, a generic RBAC policy was created to allow all members of the k8s-cluster-admins group to be administrators in our cluster. If you're logged into OpenUnison, log out.
Now, log in again, but before hitting the Finish Login button at the bottom of the screen, remove the k8s-cluster-admins group and add cn=k8s-create-ns,cn=users,dc=domain,dc=com:
Figure 8.1 – Updated login attributes
Next, click on Finish Login. Once logged in, go to the dashboard. Just as when OpenUnison was first deployed, there won&apos...