This article is a part of the Kubernetes security series that started a few weeks ago. The first article covered the overview and background of Kubernetes access control, while the second part introduced the core concepts of authentication. In this installment, we will understand the concepts of authorization through a hands-on approach.

Let’s start with a quick recap of the environment and the scenario. We are dealing with a cluster running in the production environment where each department is associated with a namespace. We have Bob, the new hire in the DevOps team, whom we just onboarded to the cluster as an administrator for the engineering namespace. He has been handed the key and the signed certificate to access the Kubernetes cluster.

If you haven’t done so already, run the commands from the previous tutorial to complete the environment setup and configure the credentials for Bob.

It’s time for us to authorize Bob to control the resources belonging to the engineering namespace.

We will first create a context for kubectl, which makes it handy to switch between different environments.

Read the entire article at The New Stack

Janakiram MSV is an analyst, advisor, and architect. Follow him on Twitter, Facebook and LinkedIn.