I need to know is there any way to allow user to view only selected pods in a namespace using rbac I can allow user to view all the pods in a namespace but I couldn't allow selected pods. Is this possible using RBAC or should I try a different approach to achieve this.
Is there a way to allow user to view some of the pods in a namespace using k8s rbac
33 views Asked by Uvindu Sahan At
1
There are 1 answers
Related Questions in KUBERNETES
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- I can't create a pod in minikube on windows
- Oracle setting up on k8s cluster using helm charts enterprise edition
- Retrieve the Dockerfile configuration from the Kubernetes and also change container Java parameter?
- Summarize pods not running, by Namespace and Reason - I'm having trouble finding the reason
- How to get Java running parameters from Spring Boot running inside container in pod where no ps exist
- How do we configure prometheus server to scrape metrics from a pod with Istio sidecar proxy?
- In rke kube-proxy pod is not present
- problem with edge server registration in Eureka
- Unable to Access Kubernetes LoadBalancer Service from Local Device Outside Cluster
- Kubernetes cluster on GCE connection refused error
- Based on my experience, I've outlined the Kubernetes request flow. Could someone please add or highlight any points I might have overlooked?
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Python3.11 can't open file [Errno 2] No such file or directory
- Cannot find remote pod service - SERVICE_UNAVAILABLE
Related Questions in RBAC
- Unable to pass RBAC username of AWS Redis in ServiceStack,Redis. Does ServiceStack.Redis supports RBAC?
- Neo4j Granting Access Based on Label Patterns
- Prevent user login to Azure App Registration
- "Invalid client or Invalid client credentials" with ArgoCD and Keycloak
- RBAC(Role Base Access Control) with gRPC-Gateway generated RESTful API
- How to implement RBAC with express-graphql resolvers?
- Superset - Give a user read-only access on a dashboard and edit access on another dashboard
- K8s rbac - Service Account missing capabilities
- How to implement Multi entity RBAC via Firestore DB and Firestore rules through SubCollections scheme is it even right?
- How to persist users in Grafana open source (docker swarm)
- Is it possible to restrict the group to have reader access at container level in azure?
- Is there a way to allow user to view some of the pods in a namespace using k8s rbac
- Can Kubernetes RoleBinding have subjects in a different namespace?
- Is it possible to use Entra ID to handle my custom application permissions without tying myself to the .NET framework?
- Unable to restrict Vault policy names in hcl template
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
It seems that RBAC doesn't really directly allow restricting access to specific pods within a namespace.but there are still some approaches that you can try.
Limiting RBAC to Namespaces. You can assign the user a ClusterRole or Role that limits access to specific namespaces where they only have read access to pods. This provide coarse-grained control but doesn't allow restricting visibility within a single namespace.
Leveraging Pod labels and annotations. Label the pods you want the user to access and create a ClusterRole or Role that allows reading pods with specific labels. This approach requires labeling your pods consistently and might become complex if managing many pods.
Utilizing Pod Security Policies(PSPs). Define PSPs with specific rules defining which users can access pods based on labels, annotations, or other attributes.
Implementing a custom solution. Develop a custom admission controller or webhook to intercept pod access to those service accounts instead of individual pods.This might not be applicable in all scenarios and requires managing service account permissions.