Restrict access of a K8s secret to a particular service account


I have a secret which contains very sensitive information. I want to make sure that this secret can only be accessed by a certain service account and nobody else.

Using RBAC, I can tell which user can access which resources. But is there some way where I can tell that this secret can only be accessed by this user?


There are 2 best solutions below

  • As far as I know, there is no straightforward way to get that info (it might require writing a script that iterates through rolebindings & clusterrolebindings).

  • Recently found a plugin called kubectl who-can on kubectl-who-can that fetches those kinds of details with one command.
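
An added example (not the posters' code) of the audit script the first answer mentions: it walks RoleBindings and ClusterRoleBindings over constructed objects shaped like the Kubernetes RBAC API JSON (the role, binding, namespace and subject names are all made up) and lists every subject that can read a given Secret, so you can check that only the intended service account shows up.

```python
# Added example (not the posters' script): walk Roles/RoleBindings and
# ClusterRoles/ClusterRoleBindings to list every subject that can read one
# Secret. Inputs are constructed dicts shaped like `kubectl get ... -o json`.
READ_VERBS = {"get", "list", "watch", "*"}

def rule_covers_secret(rule, secret_name):
    """True if one PolicyRule lets its holder read the named Secret."""
    if not {"", "*"} & set(rule.get("apiGroups", [])):
        return False  # Secrets live in the core ("") API group
    if not {"secrets", "*"} & set(rule.get("resources", [])):
        return False
    if not READ_VERBS & set(rule.get("verbs", [])):
        return False
    names = rule.get("resourceNames")  # omitted means every Secret in scope
    return names is None or secret_name in names

def who_can_read_secret(roles, bindings, namespace, secret_name):
    """Return subjects ("Kind:ns/name" or "Kind:name") able to read namespace/secret_name."""
    index = {(r["kind"], r["metadata"].get("namespace"), r["metadata"]["name"]): r
             for r in roles}
    readers = set()
    for b in bindings:
        # A RoleBinding grants only inside its own namespace; a ClusterRoleBinding grants everywhere.
        if b["kind"] == "RoleBinding" and b["metadata"]["namespace"] != namespace:
            continue
        ref = b["roleRef"]  # a RoleBinding may reference a Role or a ClusterRole
        role = index.get((ref["kind"], namespace if ref["kind"] == "Role" else None, ref["name"]))
        if role and any(rule_covers_secret(r, secret_name) for r in role.get("rules", [])):
            for s in b.get("subjects", []):
                ns = f"{s['namespace']}/" if "namespace" in s else ""  # only ServiceAccounts carry one
                readers.add(f"{s['kind']}:{ns}{s['name']}")
    return readers

# Constructed sample: only the payments SA and the ops group should be able to read prod/db-creds.
ROLES = [
    {"kind": "Role", "metadata": {"namespace": "prod", "name": "read-db-creds"}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["db-creds"], "verbs": ["get"]}]},
    {"kind": "Role", "metadata": {"namespace": "prod", "name": "read-tls"}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "resourceNames": ["tls-cert"], "verbs": ["get"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "secret-viewer"}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "prod", "name": "payments-db"}, "roleRef": {"kind": "Role", "name": "read-db-creds"}, "subjects": [{"kind": "ServiceAccount", "namespace": "prod", "name": "payments"}]},
    {"kind": "RoleBinding", "metadata": {"namespace": "prod", "name": "ingress-tls"}, "roleRef": {"kind": "Role", "name": "read-tls"}, "subjects": [{"kind": "ServiceAccount", "namespace": "prod", "name": "ingress"}]},
    {"kind": "RoleBinding", "metadata": {"namespace": "dev", "name": "dev-secrets"}, "roleRef": {"kind": "ClusterRole", "name": "secret-viewer"}, "subjects": [{"kind": "User", "name": "dev-user"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-secrets"}, "roleRef": {"kind": "ClusterRole", "name": "secret-viewer"}, "subjects": [{"kind": "Group", "name": "ops-team"}]},
]

if __name__ == "__main__":
    print(sorted(who_can_read_secret(ROLES, BINDINGS, "prod", "db-creds")))
```

On a real cluster, feed it the `items` of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`. It covers RBAC only: aggregated ClusterRoles, other authorizers (Node, webhook) and anyone who can read the Secret indirectly (for example by creating a Pod that mounts it) are not resolved here.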


It is possible to get it done with a validating webhook, where the API request fields are parsed and checked for matching users. OPA can be used to do some of the heavy lifting.