Access to objects in the cluster is governed by Role-based access control (RBAC). The RBAC API distinguishes the following types of Kubernetes objects:
Role — a YAML manifest with a permission set for Kubernetes cluster objects. A Role describes permissions in a namespace, so when you create this object, you must specify the namespace to which access is granted.
ClusterRole — a cluster object that describes the permissions for objects in the cluster. A ClusterRole is used to grant access to individual namespaces or all namespaces, cluster resources (such as nodes), and namespaced resources (such as pods). This includes the 'admin', 'edit', and 'view' roles, which describe permissions that allow administration, editing or only viewing of entities. You can view the role in your cluster if you have administrator permissions, using the following command:
ServiceAccount — an object that uses an automatically generated token to restrict the permissions of software in the cluster.
RoleBinding — an object that provides access to objects in the same namespace as the RoleBinding.
ClusterRoleBinding — an object that grants access to objects in all namespaces of the cluster.
Kaspersky Container Security lets you get detailed information about actions performed on RBAC objects in a specific cluster. You can:
View information about RBAC object creation, modification, and deletion.
View RBAC object manifests in YAML format before and after modification.
Download RBAC object manifests in YAML format before and after modification.
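One way to review a downloaded "before" and "after" pair is to compute which permissions the modification added. The sketch below is an added example, not Kaspersky Container Security code. It assumes the two YAML manifests have already been parsed into dictionaries; the pod-reader Role, the demo namespace, and the list of sensitive verbs are constructed for illustration.

```python
# Added example. BEFORE/AFTER are constructed Role manifests, written as the dicts
# obtained by parsing the downloaded "before" and "after" YAML files.
SENSITIVE_VERBS = {"bind", "escalate", "impersonate"}  # assumption: example watch list

def expand_rules(manifest):
    """Flatten Role/ClusterRole rules into (apiGroup, resource, verb) triples.
    Rules that carry only nonResourceURLs have no resources and are skipped."""
    grants = set()
    for rule in manifest.get("rules") or []:
        for group in rule.get("apiGroups", [""]):
            for resource in rule.get("resources", []):
                for verb in rule.get("verbs", []):
                    grants.add((group, resource, verb))
    return grants

def covered(grant, existing):
    """True if an existing grant already implies this one, honouring '*' wildcards."""
    return any(all(h in ("*", g) for h, g in zip(have, grant)) for have in existing)

def review_change(before, after):
    """Return [(grant, is_sensitive)] for permissions present only after the change."""
    old = expand_rules(before)
    added = sorted(g for g in expand_rules(after) if not covered(g, old))
    return [(g, "*" in g or g[1] == "secrets" or g[2] in SENSITIVE_VERBS)
            for g in added]

BEFORE = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "demo"},
    "rules": [{"apiGroups": [""], "resources": ["pods"],
               "verbs": ["get", "list", "watch"]}],
}
AFTER = {
    "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "demo"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "secrets"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["roles"],
         "verbs": ["bind"]},
    ],
}

if __name__ == "__main__":
    for grant, sensitive in review_change(BEFORE, AFTER):
        print("REVIEW" if sensitive else "added ", grant)
```

The same comparison works for ClusterRole manifests, because both kinds use the same rules structure.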