What's Next?

Review what we’ve learned so far and what we’ll learn next.

Summary

Authorization and authentication are critical security components. Without a proper set of permissions, we risk exposure with potentially devastating results. Moreover, with appropriate Rules, Roles, and RoleBindings, we can make a cluster more secure and increase collaboration between different members of our organization. The only trick is to find the right balance between tight security and freedom. It takes time until that equilibrium is established.

RBAC combined with namespaces provides an excellent separation. Without namespaces, we’d need to create multiple clusters. Without RBAC, those clusters would be exposed or locked down to only a handful of users. The two combined provide an excellent way to increase collaboration without sacrificing security.

However, we did not explore service accounts. They are the third kind of Subject, alongside users and groups. We’ll leave that for some other time because they are used primarily for Pods that need to access the Kubernetes API. This chapter focused on humans and how we can enable them to reach a cluster in a safe and controlled manner.

We are still missing one important restriction. By combining namespaces and RBAC, we can restrict what users can do. However, that will not prevent them from deploying applications that could potentially bring down the whole cluster. We need to add Resource Quotas to the mix. That will be the subject of the next chapter.
