Protection to namespace in cluster

Hi Everyone
I want to implement password protection for all namespaces at the time of namespace creation. Is there any way to achieve this?

Please help me out and reply @ mp98256@gmail.com

Thanks
Mayur

You probably want to use RBAC to restrict access to a namespace. This guy has a tutorial explaining how to do so here.

Though this doesn’t address issues like preventing the user from creating pods with the securityContext.privileged and gaining node level access. You can use tools like OPA Gatekeeper, jsPolicy, or Kyverno for enforcing such rules.

Then there’s also other considerations like preventing access between namespaces with network policies.

I don't want anyone to delete my namespace in the cluster.

When you say “someone”, my assumption is that you’re talking about other users or service accounts. If that’s not right, please clarify further.

In Kubernetes, access is permitted for authentication resources and RBAC is used to control what those authenticated resources can do.

If you want to control what a user or service account can do, that is done with ClusterRoles, Roles, ClusterRoleBindings, and RoleBindings.

There are multiple other team members using the same cluster, and they can create and delete (any) namespace in this cluster, but someone is deleting my namespace. So can I use password protection on a namespace so other members cannot delete the namespace without a password? It would be great if you ping me on +917092879397 (WhatsApp).
Thanks

I want to implement some mechanism so that during namespace creation we can set a password for the namespace, so others can't delete it.

No such mechanism exists. Don’t share permissions with people you don’t trust?

This is a user & permissions management issue. Understanding authentication resources and RBAC is what you need to enforce rules that users on the system adhere to, such as “don’t delete my namespace”.

If you’re using GKE, EKS, or AKS, there might be other user management “isms” to be aware of on these managed platforms. You will need to refer to their documentation regarding user management in clusters.

If you want to figure out who is deleting your namespace… everyone needs to be using their own service accounts and you need to look into auditing.
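
The auditing step suggested in the last reply, as an added example that is not part of the original thread: a Python filter over Kubernetes audit log lines that lists who attempted to delete a namespace and whether the API server allowed it. The sample events and user names are constructed, and it assumes the API server writes `audit.k8s.io/v1` events as JSON lines with namespace requests logged at `Metadata` level or higher.

```python
import json

# Constructed sample: one audit.k8s.io/v1 Event per line, as written by the log backend.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","stage":"RequestReceived","verb":"delete","user":{"username":"alice@example.com"},"objectRef":{"resource":"namespaces","name":"team-a"},"requestReceivedTimestamp":"2024-01-01T10:00:00Z"}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","user":{"username":"alice@example.com"},"sourceIPs":["10.0.0.5"],"objectRef":{"resource":"namespaces","name":"team-a"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-01T10:00:00Z"}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","user":{"username":"bob@example.com"},"sourceIPs":["10.0.0.9"],"objectRef":{"resource":"namespaces","name":"team-a"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-01-02T08:30:00Z"}
{"kind":"Event","stage":"ResponseComplete","verb":"get","user":{"username":"carol@example.com"},"objectRef":{"resource":"namespaces","name":"team-a"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-02T09:00:00Z"}
{"kind":"Event","stage":"ResponseComplete","verb":"delete","user":{"username":"dave@example.com"},"objectRef":{"resource":"pods","namespace":"team-a","name":"web"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-02T09:05:00Z"}
{"kind":"Event","verb":"delete","objectRef":{"resource":"namespa
{"kind":"Event","stage":"ResponseComplete","verb":"delete","user":{"username":"system:serviceaccount:ci:deployer"},"sourceIPs":["10.0.1.7"],"objectRef":{"resource":"namespaces","name":"team-b"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-03T12:00:00Z"}
"""

def namespace_deletions(lines, namespace=None):
    """Return one record per completed delete request against a Namespace object."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(ev, dict):
            continue
        ref = ev.get("objectRef") or {}
        # Each request is logged once per stage; ResponseComplete carries the status code.
        if ev.get("stage") != "ResponseComplete" or ev.get("verb") != "delete":
            continue
        # Only the Namespace object itself, not pods or other resources inside it.
        if ref.get("resource") != "namespaces" or ref.get("subresource"):
            continue
        if namespace and ref.get("name") != namespace:
            continue
        code = (ev.get("responseStatus") or {}).get("code", 0)
        hits.append({
            "time": ev.get("requestReceivedTimestamp"),
            "namespace": ref.get("name"),
            "user": (ev.get("user") or {}).get("username"),
            "impersonated": (ev.get("impersonatedUser") or {}).get("username"),
            "source_ips": ev.get("sourceIPs", []),
            "allowed": 200 <= code < 300,  # a 403 means RBAC refused the request
        })
    return hits

if __name__ == "__main__":
    for hit in namespace_deletions(SAMPLE_AUDIT_LOG.splitlines(), "team-a"):
        print(hit)
```

The `user` field is only meaningful when each person and automation has its own identity, which is why the reply asks for separate accounts; a shared kubeconfig shows up as a single username for everyone.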