Cluster RBAC Profiles

Kubernetes RBAC

The Role-Based Access Control (RBAC) system in Kubernetes is composed of users, roles, and permissions. It creates objects that allow validated users or groups access to objects and resources within a cluster. RBAC also defines which types of actions are permitted, following the security principle of least privilege, based on the user's role and function within the organization.

Cluster RBAC Profiles

Cluster RBAC Profiles are a governance mechanism in PMK that lets operators ensure that all their Kubernetes clusters conform to required RBAC rules. A Cluster RBAC Profile is a collection of Roles, Cluster Roles, Cluster Bindings and Cluster Role Bindings. The RBAC Profile, once created, is stored on the Platform9 SaaS Management Plane, and acts as a form of 'template' for clusters managed by Platform9. RBAC Profiles are created from existing clusters, can be customized, and can then be deployed to any attached Platform9 cluster. The deployment process updates the target cluster's RBAC policies so that the cluster conforms to the profile. Any policies that are outside the profile are left unchanged.

Profile deployment is non-destructive. Platform9 does not remove Policies or API access from a cluster.

Drift Analytics

The Profile Engine can compare any managed cluster's RBAC configuration to any RBAC Profile, and it automatically detects drift for clusters that have a profile applied. Drift Analytics enables you to quickly identify and resolve any RBAC Policy changes made on a cluster that are not compliant with the profile.
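
The comparison described above can be sketched as follows. This is an added example, not Platform9's Profile Engine code; the object names (`pod-reader`, `pod-viewer`, `dev-read`, `legacy-admin`), the report categories, and the choice to list objects outside the profile without counting them as drift are assumptions made for illustration.

```python
# Added example, not Platform9 code. All RBAC objects below are constructed.

def key(obj):
    meta = obj["metadata"]  # identity: kind, namespace ("" if cluster-scoped), name
    return (obj["kind"], meta.get("namespace", ""), meta["name"])

def spec(obj):
    # Order-insensitive view of the fields that actually grant access.
    rules = sorted(
        (tuple(sorted(r.get("apiGroups", []))),
         tuple(sorted(r.get("resources", []))),
         tuple(sorted(r.get("verbs", []))))
        for r in obj.get("rules", []))
    ref = obj.get("roleRef", {})
    subjects = sorted(
        (s.get("kind", ""), s.get("namespace", ""), s.get("name", ""))
        for s in obj.get("subjects", []))
    return (rules, ref.get("kind", ""), ref.get("name", ""), subjects)

def drift_report(profile, cluster):
    want = {key(o): spec(o) for o in profile}
    have = {key(o): spec(o) for o in cluster}
    return {
        "missing": sorted(k for k in want if k not in have),
        "modified": sorted(k for k in want if k in have and want[k] != have[k]),
        # Assumption: objects outside the profile are listed, not counted as drift.
        "unmanaged": sorted(k for k in have if k not in want),
    }

def pods_rule(*verbs):
    return [{"apiGroups": [""], "resources": ["pods"], "verbs": list(verbs)}]

DEV_BINDING = {"kind": "RoleBinding", "metadata": {"name": "dev-read", "namespace": "dev"},
               "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
               "subjects": [{"kind": "Group", "name": "developers"}]}
PROFILE = [
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"}, "rules": pods_rule("get", "list", "watch")},
    {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "dev"}, "rules": pods_rule("get")},
    DEV_BINDING,
]
CLUSTER = [  # "delete" was added to pod-reader; pod-viewer is absent; legacy-admin is extra
    {"kind": "ClusterRole", "metadata": {"name": "pod-reader"}, "rules": pods_rule("watch", "list", "get", "delete")},
    DEV_BINDING,
    {"kind": "ClusterRoleBinding", "metadata": {"name": "legacy-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}, "subjects": [{"kind": "User", "name": "ops@example.com"}]},
]

if __name__ == "__main__":
    for category, keys in drift_report(PROFILE, CLUSTER).items():
        print(category, keys)
```

Rule lists and subjects are compared as sorted tuples, so reordering verbs or subjects on the cluster does not register as a modification; only a change in what is granted does.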

  Last updated by Madhura Maskasky