Limit the Kubernetes service account access specific namespace Limit the Kubernetes service account access specific namespace kubernetes kubernetes

Limit the Kubernetes service account access specific namespace


kubernetes service-accounts

Kubernetes has only two permission scopes: Cluster(ClusterRole) or Namespace(Role) and no way to limit or exclude a ClusterRole to specific namespaces. If you want to restrict your ServiceAccount to specific namespaces you cannot use a ClusterRole but must use a Role in every namespace the ServiceAccount should have access in.

kubernetes service-accounts

In addition to the other answer, when you use a Role, you need to specify the namespace on your RoleBinding. For example:

$ kubectl create rolebinding my-binding --role=myrole --user=myuser --namespace=mynamespace

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last