Kubernetes Security Simplified | Role, ClusterRole, RBAC, RoleBinding, IRSA, Service Account
Vložit
- čas přidán 6. 08. 2024
- Kubernetes security can be confusing. In this video, we dive deep and understand Kubernetes security concepts - ClusterRole, Service Account, ClusterRoleBinding, Role, Role Vs ClusterRole, RoleBinding, IRSA. Difference between Application Security Vs User Security.
💰👨🎓 Get my courses with max discount and 30 day moneyback guarantee: bit.ly/3Eku9RH
🙏Please Subscribe: bit.ly/2Yk0Kbb
*Connect with me*
🤳 Instagram: / cloudwithraj
🏢 LinkedIN: / cloudwithraj
🐦Twitter: / cloudwithraj
🖼 Facebook: / cloudwithraj - Věda a technologie
awesome..just what is needed in minimal time.
Dude, Thank you and I love you for breaking things down that even a person like me can understand.
YES EVEN AN IDIOT LIKE ME ABLE TO UNDERSTAND WHATS THE DIFF BETWEEN ROLE AND CLUSTER ROLE. THANKS SIR
I already know all the K8 specific terminology .. etc really well for on-prem, but I wasn't exactly sure how that ties into AWS, and there goes your video boom ... I totally get it now. many thanks indeed !
Glad it was helpful!
this is the best explanation of k8s subjects like wow.. thank you so much
This is the best explanation of Kubernetes Security
This is very first time I am reading about K8s security topics. I did not understand it completely. It is definitely an advanced + difficult topic. But I am pretty sure no one could have explained it with such ease. Kudos to your teaching style. Subscribed right after this video!
Glad it was helpful! Thanks for the kind words.
Nice - to the point !!!
dude your saving my day right now lol. Masterful.
Too much interesting info. to be digested by my brain in just a few minutes ! good job
Glad you enjoyed it!
Thanks for that clear explanation.
Glad you found this video helpful. Thanks for watching!
Wow now it all makes sense thanks raj
Love the way you present the information. Very intuitive and easy to follow.
Keep up your good work!!!!!
It make me feel lot more clearer in terms of concept,
thanks Buddy
Most welcome 😊
amazing explanation thx
very clear explanation.
Just one video and it made everything clear. Impressive !!!
Glad it helped!
Awesome!!! very nicely explained .. thank you!
Glad you liked it
Thanks. this is clearly explained.
Glad it was helpful!
Excellent.
Many thanks!
you are awesome
nice overview👏👏
Thank you! 👍
nice explanation
Thanks and welcome
Can we create a cluster role for Daemonset, statefulset etc?
So since the role is namespaced so is it true to say it is non reusable for other namespaces
Hi Raj, I am using irsa to link the iam role to service account. For that, I am just annotating the service account with iam role arn. But that setup is not working. Any idea on what other steps to perform in order that to work. Please advice.
I have 2 questions
1. If I was to create ingress and map it to the service, what kind of service type do I have to configure, clusterIP or nodeport ?
2. If I am using imperative commands and want to create service, what's the advantage of using kubectl create service over kubectl expose ?
your videos are very helpful in understanding the concepts and progressing in interviews, great , keep going, I am looking for kubernetes backup and restore topic, pls share the link if you have the video for this topic
Thank you, I will keep this in mind for future videos
Hi Raj bro,
Please make video on how to access EKS or kubernetes cluster remotely
And login user should create pods only
How it’s done can you please make video on it
You are "kube-god" ,thanks for saving us from complexity
You are most welcome
so what is the outcome of service account in usecase
thank you! very much . Love the way you present the information very useful
Glad it was helpful Jagdish!
14:18 what is the point of this mapping of my K8s user to an AWS IAM user ? Is it to grant to my K8s-user rights to access AWS resources from K8s, or is it to specify that AWS IAM is the identity provider for that K8s user ?
The later. Since you are logged in to AWS as an IAM user, EKS needs a way to know what kubernetes user that IAM user is logged to. If you are running commands to access AWS resources from inside a pod, it'd use the IRSA of the pod and not the user IAM creds. Similar to if you run AWS commands from inside an EC2. Hope this helps.
@@cloudwithraj thanks!
I must say i don’t find this level of explanations anywhere.
Pls help to do video on below.
1.IAM role for pods to be able to access EFS.
2. IAM role for cluster-auto scaler.
3. IAM role for alb-ingress controller
Thanks Bhupathi, will keep this in mind for future videos
Coupon doesn’t seems to be working now. Is it expired ?
Thank you so much. You cleared all my doubts regarding this.
why someone want to associate serviceaccount to rolebinding for
Very clear explanation, any discount code for the course?
any discount code for the EKS course in udemy? Please provide thank you ?
here you go Sashank - www.udemy.com/course/rocking-kubernetes-with-amazon-eks-fargate-and-devops/?couponCode=GETEKSNOTCORONA
@@cloudwithraj this one expired, any other code
What is kubelogin?
Raj can you provide the link for manifest files
Here you go Bharath - github.com/saha-rajdeep/eks-demos
@@cloudwithraj Thanks buddy
Awesome! I enrolled your EKS course in Udemy as well.
Awesome, thank you Frankie for the support!
is it only me or the person has a mixed accent?
Liked the content though, just the accent tickling in-ear all the time 😅
Thanks Saikat. My accent is stuck in-between haha. I grew up in Kolkata (I assume you are bengali too looking at your name) and in US for last 16 years with an american spouse, hence the in-between accent. Thanks for the kind words and thanks for watching 🙏.