From eea2720647f38b87c354c6143416022e9e85363d Mon Sep 17 00:00:00 2001 From: Mischa van den Burg Date: Mon, 1 Apr 2024 10:30:00 +0200 Subject: [PATCH] Automated commit at Mon Apr 1 10:30:00 CEST 2024 --- ...oles can be applied to one or more namespaces.md | 13 +++++++++++++ content/Kubernetes.md | 3 ++- content/RBAC permissions are additive.md | 7 +++++++ content/RBAC.md | 12 ++++++++++++ .../There are no Deny rules in Kubernetes RBAC.md | 8 ++++++++ 5 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 content/ClusterRoles can be applied to one or more namespaces.md create mode 100644 content/RBAC permissions are additive.md create mode 100644 content/RBAC.md create mode 100644 content/There are no Deny rules in Kubernetes RBAC.md diff --git a/content/ClusterRoles can be applied to one or more namespaces.md b/content/ClusterRoles can be applied to one or more namespaces.md new file mode 100644 index 000000000..c5547d6fc --- /dev/null +++ b/content/ClusterRoles can be applied to one or more namespaces.md @@ -0,0 +1,13 @@ + +A ClusterRole is available to the entire cluster. But you will only receive these permissions in all namespaces if a **Cluster**Rolebinding is created. + +You can also create a normal RoleBinding, which is a namespaced resource. Then the permissions will only apply to that namespace, even though it is a ClusterRole. + +You can also have RoleBindings from multiple namespaces and the ClusterRole will only apply to those namespaces. + + +## Links: + + + +202404011016 \ No newline at end of file diff --git a/content/Kubernetes.md b/content/Kubernetes.md index a92c1b57a..159540753 100644 --- a/content/Kubernetes.md +++ b/content/Kubernetes.md @@ -2,11 +2,12 @@ [[CKS]] - [[Kubernetes Storage]] [[Network Policies]] +[[RBAC]] + ## Links: diff --git a/content/RBAC permissions are additive.md b/content/RBAC permissions are additive.md new file mode 100644 index 000000000..f93661b51 --- /dev/null +++ b/content/RBAC permissions are additive.md 
@@ -0,0 +1,7 @@ +Permissions from ClusterRolebindings and RoleBindings will be added to each other. + +## Links: + + + +202404011021 \ No newline at end of file diff --git a/content/RBAC.md b/content/RBAC.md new file mode 100644 index 000000000..d01c1032c --- /dev/null +++ b/content/RBAC.md @@ -0,0 +1,12 @@ + +[[There are no Deny rules in Kubernetes RBAC]] + +[[ClusterRoles can be applied to one or more namespaces]] + +[[RBAC permissions are additive]] + +## Links: + + + +202404011006 \ No newline at end of file diff --git a/content/There are no Deny rules in Kubernetes RBAC.md b/content/There are no Deny rules in Kubernetes RBAC.md new file mode 100644 index 000000000..ad7e7be83 --- /dev/null +++ b/content/There are no Deny rules in Kubernetes RBAC.md @@ -0,0 +1,8 @@ + +It is only possible to allow permissions in Kubernetes. You can only whitelist. + +## Links: + + + +202404011006 \ No newline at end of file
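Review bot: In content/ClusterRoles can be applied to one or more namespaces.md, the first paragraph spells the kind "**Cluster**Rolebinding" while the next paragraph uses "RoleBinding". Use "ClusterRoleBinding" so the kind name matches the casing used elsewhere in the same note and can be searched for. The last sentence, "RoleBindings from multiple namespaces", would read more precisely as "a RoleBinding in each of several namespaces", since the second paragraph already states that a RoleBinding is a namespaced resource.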
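Review bot: In content/RBAC permissions are additive.md, the single sentence writes "ClusterRolebindings" next to "RoleBindings"; make the casing consistent as "ClusterRoleBindings". The "## Links:" section is left empty even though content/RBAC.md lists this note beside [[There are no Deny rules in Kubernetes RBAC]]. Linking the two notes to each other here would keep them connected when either is opened directly rather than through the RBAC index.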
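Review bot: In content/There are no Deny rules in Kubernetes RBAC.md, the body says "It is only possible to allow permissions in Kubernetes", which is broader than the file title, which scopes the statement to Kubernetes RBAC. Suggest "in Kubernetes RBAC" in the sentence so the note does not read as a claim about every Kubernetes mechanism. This file, like the other three new files in the patch, also ends with "\ No newline at end of file"; adding a trailing newline avoids noise in later diffs.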