Kubernetes RBAC controls who or what can perform actions against the Kubernetes API.
RBAC stands for role-based access control.
Core objects
- Role: permissions inside one namespace
- ClusterRole: permissions across the cluster
- RoleBinding: grants a Role to a user, group, or service account
- ClusterRoleBinding: grants a ClusterRole
Why it matters
RBAC limits what users, applications, controllers, and operators can do.
Good RBAC reduces the blast radius of mistakes or compromised workloads.