How to disable user impersonation in Kubernetes?

Time:10-14

Is there a way to disable impersonation in Kubernetes for all admin/non-admin users?

kubectl get pod --as user1

The above command should not provide an answer due to security concerns. Thank you in advance.

CodePudding user response:

Unless all your users are already admins, they should not be able to impersonate users. As cluster-admin you can do "anything", and pre-installed roles/rb should not be edited under normal circumstances.

The necessary Role to enable impersonation is:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: impersonator
rules:
- apiGroups: [""]
  resources: ["users", "groups", "serviceaccounts"]
  verbs: ["impersonate"]

As long as normal users don't have those permissions, they should not be allowed to perform --as.
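To check which subjects can actually use --as, the cluster-wide RBAC objects can be audited for the impersonate verb, including wildcard rules such as cluster-admin's. The following is an added example, not part of the original answer; it assumes input shaped like `kubectl get clusterroles,clusterrolebindings -o json`, covers only ClusterRoleBindings and the core-group resources named above, and the sample names "alice" and "view-pods" are constructed.

```python
# Added example: list subjects whose ClusterRoleBindings grant impersonation.
# Scope: cluster-wide bindings and the core-group resources from the answer.
IMPERSONATION_RESOURCES = {"users", "groups", "serviceaccounts"}

def grants_impersonation(rule):
    """True if a single RBAC rule allows 'impersonate' on users/groups/serviceaccounts."""
    if not set(rule.get("verbs", [])) & {"impersonate", "*"}:
        return False
    if not set(rule.get("apiGroups", [])) & {"", "*"}:
        return False
    return bool(set(rule.get("resources", [])) & (IMPERSONATION_RESOURCES | {"*"}))

def impersonators(items):
    """Return sorted (subject kind, subject name, role) for every impersonation grant."""
    roles = {i["metadata"]["name"] for i in items
             if i["kind"] == "ClusterRole"
             and any(grants_impersonation(r) for r in i.get("rules") or [])}
    found = []
    for i in items:
        if i["kind"] == "ClusterRoleBinding" and i["roleRef"]["name"] in roles:
            for s in i.get("subjects") or []:
                found.append((s["kind"], s["name"], i["roleRef"]["name"]))
    return sorted(found)

# Constructed sample data (not taken from a real cluster).
def _role(name, groups, resources, verbs):
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": [{"apiGroups": groups, "resources": resources, "verbs": verbs}]}

def _binding(role, kind, subject):
    return {"kind": "ClusterRoleBinding", "metadata": {"name": role + "-binding"},
            "roleRef": {"kind": "ClusterRole", "name": role},
            "subjects": [{"kind": kind, "name": subject}]}

SAMPLE = {"items": [
    _role("cluster-admin", ["*"], ["*"], ["*"]),   # wildcard includes impersonate
    _role("impersonator", [""], ["users", "groups", "serviceaccounts"], ["impersonate"]),
    _role("view-pods", [""], ["pods"], ["get", "list"]),
    _binding("cluster-admin", "Group", "system:masters"),
    _binding("impersonator", "User", "alice"),
    _binding("view-pods", "User", "user1"),
]}

if __name__ == "__main__":
    for kind, name, role in impersonators(SAMPLE["items"]):
        print(f"{kind} {name} can impersonate via ClusterRole {role}")
```

Against a live cluster, load the JSON with `json.load` and pass its `items` list to `impersonators`.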
