Day 24/40 - Kubernetes RBAC Continued - Clusterrole and Clusterrole Binding

About this video

### Summary of the Video Content

1. **Introduction and Context**
   - The video is part of the CK 2024 series, specifically Video #24.
   - The presenter, BE, discusses roles, role bindings, and their application in Kubernetes.
   - A practical task is available in the GitHub repository for Day 24 to help viewers practice.

2. **Recap of Previous Topics**
   - Covered authentication, authorization, symmetric encryption, and certificate-based authentication.
   - Explored attribute-based access control (ABAC) and role-based access control (RBAC).
   - Discussed node authorization and webhooks.

3. **Roles and Role Bindings**
   - Roles define specific permissions (e.g., listing or monitoring containers).
   - Role bindings associate roles with users or groups, granting them the specified permissions.
   - Roles operate within a namespace scope, meaning they apply only to resources within that namespace (e.g., pods, deployments, services).

4. **Cluster Roles and Cluster Role Bindings**
   - Unlike roles, cluster roles apply at the cluster level rather than being limited to a namespace.
   - Permissions for cluster roles include actions like listing or monitoring nodes.
   - Cluster role bindings assign cluster roles to users or groups, granting cluster-wide permissions.

5. **Key Differences Between Roles and Cluster Roles**
   - Roles are namespace-specific, while cluster roles apply across the entire cluster.
   - If no namespace is specified in a role definition, it applies to all namespaces, effectively making it a cluster-level role.

6. **Practical Demonstration**
   - Used `kubectl` commands to list namespace-scoped and cluster-scoped resources:
     - Namespace-scoped resources: CronJobs, Deployments, Services, ConfigMaps, etc.
     - Cluster-scoped resources: ClusterRoles, StorageClasses, IngressClasses, etc.
   - Created a ClusterRole named `node-reader` with permissions to `get`, `list`, and `watch` nodes.
   - Verified the creation using `kubectl describe clusterrole`.

7. **Cluster Role Binding**
   - Created a ClusterRoleBinding to associate the `node-reader` role with the user "Krishna."
   - Verified the binding using `kubectl describe clusterrolebinding`.
   - Tested the permissions by switching contexts to the "Krishna" user and confirming access to nodes.

8. **Access Control Testing**
   - Confirmed that "Krishna" could list and describe nodes but not delete them, as deletion permissions were not granted.
   - Demonstrated how RBAC enforces fine-grained access control.

9. **Conclusion and Call to Action**
   - Encouraged viewers to complete the practical task on GitHub and provide feedback via likes and comments.
   - Mentioned upcoming videos, including one on service accounts.
   - Invited viewers to join the Discord server for community support.

10. **Final Remarks**
    - Thanked viewers for their support and engagement.
    - Encouraged subscriptions and active participation in the series.

This summary captures the key points and flow of the video, focusing on roles, role bindings, and their practical implementation in Kubernetes.
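The ClusterRole and ClusterRoleBinding described in sections 4, 7 and 8 above, written out as an added example (this is not a manifest from the video or its GitHub repository). The username `krishna`, the binding name `node-reader-binding` and the file name `node-reader.yaml` are assumptions; with certificate-based authentication the `name` in `subjects` must match the CN of the user's client certificate exactly, including case. The `kubectl auth can-i` lines at the end reproduce the video's permission test without switching contexts.

```yaml
# Added example, not the video's own manifest.
# ClusterRole: read-only access to nodes. There is no metadata.namespace
# because ClusterRoles are cluster-scoped, and nodes are a cluster-scoped
# resource that a namespaced Role cannot grant access to.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
  - apiGroups: [""]                  # "" is the core API group, where nodes live
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]  # read-only; "delete" is deliberately absent
---
# ClusterRoleBinding: grants node-reader cluster-wide to one user.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-reader-binding          # assumed name
subjects:
  - kind: User
    name: krishna                    # assumed username; must match the cert CN exactly
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io
# Apply and verify from an admin context (file name assumed):
#   kubectl apply -f node-reader.yaml
#   kubectl describe clusterrole node-reader
#   kubectl describe clusterrolebinding node-reader-binding
#   kubectl auth can-i list nodes --as krishna      # expected: yes
#   kubectl auth can-i get nodes --as krishna       # expected: yes (describe uses get)
#   kubectl auth can-i delete nodes --as krishna    # expected: no
#   kubectl auth can-i list pods --as krishna       # expected: no (role grants nodes only)
```

`kubectl auth can-i --as <user>` impersonates the user for the authorization check only, so an administrator can confirm that a binding grants exactly the intended verbs (and nothing in other API groups or resources) before handing out credentials. Note that `roleRef` is immutable once a binding exists: to point the binding at a different role, delete and recreate it rather than editing it in place.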


Course: Certified Kubernetes Administrator Full Course For beginners | CKA 2025

This playlist contains the complete CKA series for beginners, based on the latest 2025 curriculum. It includes 40+ videos with hands-on demos, assignments, and exam-based scenarios. We will cover everything from the basics to advanced topics, including fundamental concepts such as Docker, containers, Docker storage and networking, DNS, etc.

View Full Course