Hi Everyone
I want to implement password protection to all the name space at the time of creation of namespace Is there any way to achive this.
Please help me out and reply @ mp98256@gmail.com
Thanks
Mayur
Hi Everyone
I want to implement password protection to all the name space at the time of creation of namespace Is there any way to achive this.
Please help me out and reply @ mp98256@gmail.com
Thanks
Mayur
You probably want to use RBAC to restrict access to a namespace. This guy has a tutorial explaining how to do so here.
Though this doesn’t address issues like preventing the use from creating pods with the securityContext.privileged
and gaining node level access. You can use tools like OPA Gatekeeper, jsPolicy, or Kyverno for enforcing such rules.
Then there’s also other considerations like preventing access between namespaces with network policies.
i want someone should not delete my namespace in cluster
When you say “someone”, my assumption is that you’re talking about other users or service accounts. If that’s not right, please clarify further.
In Kubernetes access is permitted for authentication resources and RBAC is used to control what those authenticated resources can do.
If you want to control what a user or service account can do, that is done with ClusterRoles
, Roles
, ClusterRoleBindings
, and RoleBindings
.
there are multiple other team members are using the same cluster and they can creat and delete(any) namespace in this cluster but someone is deleting my namespace so can i use password protection to namespace so other mamber can not delete namespace without password. it will be great if you ping me on +917092879397 (whatsapp)
Thanks
i want to implement some machanism that during the namespace creation we can set password for namespace so others cant delete
No such mechanism exists. Don’t share permissions with people you don’t trust?
This is a user & permissions management issue. Understanding authentication resources and RBAC is what you need to enforce rules that users on the system adhere to, such as “don’t delete my namespace”.
If you’re using GKE, EKS, or AKS; there might be other user management “isms” to be aware of on these managed platforms. You will need to refer to their documentation regarding user management in clusters.
If you want to figure out who is deleting your namespace… everyone needs to be using their own service accounts and you need to look into auditing.