Kubernetes Architecture
Kubernetes Role-Based Access Control (RBAC) manages the access and permissions of users and groups according to their requirements. As shown in the figure below, a Role or ClusterRole is bound to the specified user depending on what that user needs: a Role defines permissions within a single namespace, whereas a ClusterRole defines permissions across namespaces, i.e. cluster-wide.
Kubernetes’ main parts are Control Plane (formerly known as the Master) and the Compute Nodes (or just Nodes).
Control Plane (Master Node): The Control Plane is responsible for maintaining the desired state of the Kubernetes cluster, such as which applications are running and which container images they use. Key components of the control plane are:
- API Server (kube-apiserver): This is the front end for the Kubernetes control plane. It is a RESTful interface that handles and exposes the Kubernetes API, and it is the main interface through which administrators and users manage the different parts of the cluster. Every request, including the RBAC checks described above, passes through it.
- etcd: It is a consistent and highly-available key-value store used as Kubernetes’ backing store for all cluster data, such as the configuration data and the state of the system.
- Scheduler (kube-scheduler): This is responsible for distributing work or containers across multiple nodes. It looks for newly created Pods with no assigned node and selects a node for them to run on based on factors such as individual and collective resource requirements, hardware/software/policy constraints, etc.
- Controller Manager (kube-controller-manager): This runs the core control loops that regulate the state of the cluster and perform routine tasks. There are different kinds of controllers, such as the Node Controller, Replication Controller, Endpoints Controller, and Service Account & Token Controllers.
- Cloud Controller Manager (cloud-controller-manager): This runs controllers that interact with the underlying cloud providers. It allows the cloud vendor’s technology and the Kubernetes core to evolve independently of each other.
- Compute Nodes (Worker Nodes): These are the machines where the applications are deployed. Each node can host multiple Pods. The components on a node include:
- Kubelet: This is the primary node agent that watches for Pods that have been assigned to its node and ensures that these Pods are running and healthy.
- Container Runtime: This is the software responsible for running containers. Kubernetes supports several runtimes: Docker, containerd, CRI-O, and any implementation of the Kubernetes CRI (Container Runtime Interface).
- kube-proxy: This is a network proxy that runs on each node to maintain network rules and connection forwarding.
- Pods: These are the smallest deployable units that can be created and managed in Kubernetes. A Pod can contain one or more containers.
How To Use Kubernetes RBAC (Role-Based Access Control)?
In a nutshell, Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. In the context of Kubernetes, RBAC is a security feature that controls access to resources within your cluster. It allows you to specify what actions a user or a group of users can and cannot perform. This is vital in a team environment, where not everyone should have full, unrestricted access to all resources.
Before we go further, let’s briefly understand the architecture of Kubernetes. Kubernetes follows a master-worker node architecture. The master node is responsible for maintaining the desired state (like which applications or other workloads should be running and which nodes they live on), and the worker nodes actually run the workloads.