The article discusses the use of RBAC (Role-Based Access Control) in multi-user/multi-tenant Kubernetes clusters and its limitations in terms of subtracting permissions.
The author describes how they leveraged an admission controller using Kyverno to block a specific delete-all action that was causing issues in their CLI. They created a cluster policy that blocked cluster-admin and others from performing the specific action. The article highlights other potential use cases for this approach, such as preventing accidental deletion of critical resources, blocking fetching details of secrets in a specific namespace, and limiting deletes/updates/patches to specific users.
Give a Pawfive to this post!
Share with your friends and followers
Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.
Join other developers and claim your FAUN.dev() account now!
