Day 23- Mastering RBAC (Role-Based Access Control) in Kubernetes

This session helped me understand how Kubernetes decides who can do what inside a cluster — a core part of secure DevOps practices 🔐

Key Learnings:
👤 Roles — Define what actions can be performed on specific resources (e.g., read-only access to pods).
🤝 RoleBindings — Connect those permissions to specific users or service accounts.
🌍 ClusterRoles & ClusterRoleBindings — Extend access cluster-wide, beyond a single namespace.

Why RBAC Matters 🤔 :
✅ Enforces the principle of least privilege — users get only what they truly need.
✅ Ensures multi-user environments remain safe and compliant.
✅ Offers fine-grained control and integrates easily with external identity systems.
Hands-on Highlights:
🔸 Verified user identities using kubectl auth whoami
🔸 Tested permissions using kubectl auth can-i get pod
🔸 Created custom Roles & RoleBindings for specific users
🔸 Accessed the Kubernetes API securely with certificates and curl
This deep dive showed how RBAC forms the foundation for secure Kubernetes operations — bridging authentication and authorization seamlessly.

Comments

Quick Guide to VCF Automation for VCD Administrators

Quick Guide to VCF Automation for VCD Administrators VMware Cloud Foundation 9 (VCF 9) has been released and with it comes brand new Cloud Management Platform – VCF Automation (VCFA) which supercedes both Aria Automation and VMware Cloud Director (VCD). This blog post is intended for those people that know VCD quite well and want to understand how is VCFA similar or different to help them quickly orient in the new direction. It should be emphasized that VCFA is a new solution and not just rebranding of an old one. However it reuses a lot of components from its predecessors. The provider part of VCFA called Tenenat Manager is based on VCD code and the UI and APIs will be familiar to VCD admins, while the tenant part inherist a lot from Aria Automation and especially for VCD end-users will look brand new. Deployment and Architecture VCFA is generaly deployed from VCF Operations Fleet Management (former Aria Suite LCM embeded in VCF Ops. Fleet Management...

Issue with Aria Automation Custom form Multi Value Picker and Data Grid https://knowledge.broadcom.com/external/article?articleNumber=345960 Products VMware Aria Suite Issue/Introduction Symptoms: Getting error " Expected Type String but was Object ", w hen trying to use Complex Types in MultiValue Picker on the Aria for Automation Custom Form. Environment VMware vRealize Automation 8.x Cause This issue has been identified where the problem appears when a single column Multi Value Picker or Data Grid is used. Resolution This is a known issue. There is a workaround. Workaround: As a workaround, try adding one empty column in the Multivalue picker without filling the options. So we can add one more column without filling the value which will be hidden(there is a button in the designer page that will hide the column). This way the end user will receive the same view.

"Cloud zone insights not available yet, please check after some time" message on Aria Automation https://knowledge.broadcom.com/external/article?articleNumber=314894 Products VMware Aria Suite Issue/Introduction Symptoms: The certificate for Aria operations has been replaced since it was initially added to Aria Automation as an integration. When accessing the Insights pane under Cloud Assembly -> Infrastructure -> Cloud Zone -> Insights the following message is displayed: "Cloud zone insights not available yet, please check after some time." The /var/log/services-logs/prelude/hcmp-service-app/file-logs/hcmp-service-app.log file contains ssl errors similar to: 2022-08-25T20:06:43.989Z ERROR hcmp-service [host='hcmp-service-app-xxxxxxx-xxxx' thread='Thread-56' user='' org='<org_id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>'] c.v.a.h.a.common.AlertEnu...

Tech-Gen

Search This Blog