Understanding RBAC
When it comes to users, groups, and service accounts, there are two questions you must ask yourself. The first is: Who can access your cluster? Which users, service accounts, and groups have the ability to run kubectl commands on the clusters in development, staging, and production? Which of those users have a Kubeconfig that gives them access to particular clusters? Which environments can they connect to?
The second question is: What can they do once they’re inside the cluster? Can they list Pods? Create Pods? See Ingress Controllers? Create Ingress Controllers? What types of Kubernetes resources can they interact with throughout each environment?
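The second question can be written down as RBAC objects. The following is an added example, not taken from the original text: it lets one group read Pods and Ingress objects in a single environment but not create them. The namespace `staging`, the group `dev-team`, the user `jane`, and the object names are assumptions made for illustration.

```yaml
# Role: what can be done, scoped to one namespace (assumed here to be
# the "staging" environment).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-ingress-viewer        # hypothetical name
  namespace: staging              # hypothetical namespace
rules:
  # Pods live in the core API group, written as "".
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # read-only: no create/update/delete
  # Ingress objects live in networking.k8s.io.
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
# RoleBinding: who the Role applies to. The group name must match what
# the cluster's authenticator reports for the user.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-pod-ingress-viewer   # hypothetical name
  namespace: staging
subjects:
  - kind: Group
    name: dev-team                    # hypothetical group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-ingress-viewer
  apiGroup: rbac.authorization.k8s.io
# Check the result per environment by impersonating a group member:
#   kubectl auth can-i list pods   -n staging --as=jane --as-group=dev-team
#   kubectl auth can-i create pods -n staging --as=jane --as-group=dev-team
#   kubectl auth can-i list pods   -n production --as=jane --as-group=dev-team
```

RBAC rules are additive, so with no other bindings for this group only the first check should answer `yes`. Repeating the checks against each environment's namespace or cluster shows where access differs.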
When you’re setting up a Kubernetes environment, you must also think about authentication and authorization. Who can access your cluster and what can they do? Further, you must think about what the users can do throughout each environment. For example, thinking about the single tenancy model that you...