RBAC Best Practices

Kubernetes Role-Based-Access-Control (RBAC) is a security measure to ensure that the cluster users and workloads gets access to the required resources to execute their roles. Nirmata provides a collection of Kyverno policies that are aimed at implementing RBAC best practices. Refer to the official Kubernetes documentation to learn about the practices in detail.

To install all the policies for RBAC best practices, refer to the instructions provided in the README guide.

Click on the below profiles to dig deeper into the controls and their associated Kyverno policy. Nirmata also provides a reference to what a good resource looks like that conforms to these policies.

RBAC Best Practices

Disable Automount SA Token

Restrict Automount SA Token

Restrict Binding System Groups

Restrict ClusterRole Nodesproxy

Restrict Escalation Verbs Roles

Restrict Wildcard Resources