Restricting cluster-admin Permissions
Read OriginalThis technical article discusses a limitation of Kubernetes RBAC, which only allows adding permissions. It details a real-world problem where a buggy CLI tool used by cluster-admins was causing issues, and explains how the team at Giant Swarm used the Kyverno admission controller to create a ClusterPolicy that blocks specific delete actions, effectively restricting permissions even for users with the cluster-admin role.
0 comments
Comments
No comments yet
Be the first to share your thoughts!
Browser Extension
Get instant access to AllDevBlogs from your browser
Top of the Week
No top articles yet