Kubernetes RBAC

Kubernetes Role-Based Access Control

Definition

Kubernetes RBAC controls access to Kubernetes API resources through Roles (namespace-scoped) and ClusterRoles (cluster-scoped) bound to users, groups, or service accounts. Misconfigurations in Kubernetes RBAC, such as granting wildcard permissions, allowing `create` on pods or deployments without image restrictions, or binding service accounts to the `cluster-admin` ClusterRole, are common privilege escalation paths.

Regular RBAC audits and tools like kubectl-who-can help identify overly permissive bindings.
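As an added example (not part of the original page or any tool it names), the audit below resolves each binding to its role and flags the three misconfigurations listed in the definition. It assumes its input is the `items` array from `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`; the sample objects and the finding labels are constructed for illustration.

```python
def risky_rules(rules):
    """Findings for the rules list of one Role or ClusterRole."""
    found = set()
    for r in rules or []:
        verbs, res = set(r.get("verbs", [])), set(r.get("resources", []))
        if "*" in verbs or "*" in res:
            found.add("wildcard")
        if verbs & {"create", "*"} and res & {"pods", "deployments", "*"}:
            found.add("workload-create")
    return found

def audit(items):
    """Resolve each binding to its role; return (kind, ns, subject, issue, binding)."""
    roles = {(o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"]): o
             for o in items if o["kind"] in ("Role", "ClusterRole")}
    findings = []
    for b in (o for o in items if o["kind"].endswith("RoleBinding")):
        ref = b["roleRef"]
        # A Role lives in the binding's namespace; a ClusterRole has none.
        ns = b["metadata"].get("namespace", "") if ref["kind"] == "Role" else ""
        issues = risky_rules(roles.get((ref["kind"], ns, ref["name"]), {}).get("rules"))
        if (ref["kind"], ref["name"]) == ("ClusterRole", "cluster-admin"):
            issues.add("cluster-admin")
        for s in b.get("subjects") or []:
            findings += [(s["kind"], s.get("namespace", ""), s["name"], i, b["metadata"]["name"])
                         for i in sorted(issues)]
    return findings

# Constructed objects, trimmed to the fields the audit reads.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
     "rules": [{"resources": ["deployments"], "verbs": ["create", "get"]}]},
    {"kind": "Role", "metadata": {"name": "ns-all", "namespace": "dev"},
     "rules": [{"resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "reader", "namespace": "dev"},
     "rules": [{"resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "ops", "name": "helper"}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-bind", "namespace": "dev"},
     "roleRef": {"kind": "ClusterRole", "name": "ci-deployer"},
     "subjects": [{"kind": "ServiceAccount", "namespace": "ci", "name": "runner"}]},
    {"kind": "RoleBinding", "metadata": {"name": "all-bind", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "ns-all"}, "subjects": [{"kind": "Group", "name": "dev-team"}]},
    {"kind": "RoleBinding", "metadata": {"name": "read-bind", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "reader"}, "subjects": [{"kind": "User", "name": "alice"}]},
]

print(*audit(SAMPLE), sep="\n")
```

The check matches resource names only, so it does not distinguish API groups, subresources, or aggregated ClusterRoles; treat its findings as a starting list for manual review.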

