Configuring RBAC rules
The ability of an authenticated user in Kubernetes to perform actions is governed through a set of RBAC policies. As introduced in Chapter 2, Preparing a Kubernetes and Helm Environment, policies, known as roles, can be associated with users or service accounts, and Kubernetes contains several default roles that can be associated. RBAC has been enabled by default in Kubernetes since version
1.6. When thinking about Kubernetes RBAC in the context of Helm usage, you need to consider two factors:
- The user installing a Helm chart
- The service account associated with the pod running the workload
In most cases, the individual responsible for installing a Helm chart is associated with a Kubernetes user. However, Helm charts can be installed through other means, such as by a Kubernetes operator with an associated service account.
By default, users and service accounts have minimal permissions in a Kubernetes cluster. Additional permissions are granted...