Kubernetes RBAC (Role-Based Access Control)

Controlling Access to Kubernetes Resources

Definition

Kubernetes RBAC (Role-Based Access Control) is a security mechanism that regulates who can access or modify resources within a Kubernetes cluster. It defines permissions using roles and bindings, ensuring users and services only have the access they need. Also known as K8s RBAC, it is fundamental to Kubernetes security. 

Why It Is Used

Without RBAC, any authenticated user could potentially perform sensitive operations in a cluster. RBAC enforces the principle of least privilege, reducing security risk, preventing accidental changes, and supporting compliance and audit requirements. 

How It Is Used

RBAC policies are defined using Role, ClusterRole, RoleBinding, and ClusterRoleBinding resources. When a request is made to the Kubernetes API, it is evaluated against these policies to determine whether the action is allowed or denied.
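
The evaluation described above, as a simplified model added here for illustration (it is not BuildPiper or Kubernetes code). It assumes only users, verbs, resources and namespaces; groups, apiGroups, resourceNames and subresources are left out, and all names and sample bindings are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    verbs: Tuple[str, ...]
    resources: Tuple[str, ...]

@dataclass(frozen=True)
class Binding:
    subject: str               # user or service account the binding names
    rules: Tuple[Rule, ...]    # rules of the referenced Role or ClusterRole
    namespace: Optional[str]   # RoleBinding: its namespace; ClusterRoleBinding: None

def rule_matches(rule: Rule, verb: str, resource: str) -> bool:
    return (("*" in rule.verbs or verb in rule.verbs)
            and ("*" in rule.resources or resource in rule.resources))

def is_allowed(bindings, subject, verb, resource, namespace) -> bool:
    """RBAC is additive: allow if any in-scope binding grants the action, else deny."""
    for b in bindings:
        if b.subject != subject:
            continue
        # A RoleBinding only grants inside its own namespace, so it never
        # covers another namespace or a cluster-scoped request (namespace=None).
        if b.namespace is not None and b.namespace != namespace:
            continue
        if any(rule_matches(r, verb, resource) for r in b.rules):
            return True
    return False  # no matching rule means the request is denied

# Constructed sample policy
POD_READER = (Rule(("get", "list", "watch"), ("pods",)),)
DEPLOYER = (Rule(("get", "list", "create", "update", "patch"), ("deployments",)),)
NODE_VIEWER = (Rule(("get", "list"), ("nodes",)),)

BINDINGS = [
    Binding("alice", POD_READER, "dev"),      # RoleBinding in namespace "dev"
    Binding("ci-bot", DEPLOYER, "staging"),   # RoleBinding in namespace "staging"
    Binding("ops", NODE_VIEWER, None),        # ClusterRoleBinding
]

if __name__ == "__main__":
    for req in [("alice", "get", "pods", "dev"), ("alice", "get", "pods", "prod"),
                ("alice", "delete", "pods", "dev"), ("ops", "list", "nodes", None)]:
        print(req, "->", "allow" if is_allowed(BINDINGS, *req) else "deny")
```

On a real cluster, `kubectl auth can-i <verb> <resource> --as <user> -n <namespace>` answers the same question against the live policy.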

Key Benefits

BuildPiper Relevance

BuildPiper leverages Kubernetes RBAC as part of its governance model, managing access to clusters, namespaces, and deployment workflows. It helps enforce consistent access policies while providing visibility into who can deploy, modify, or operate resources. 

Frequently Asked Questions

What is the difference between Role and ClusterRole?

A Role applies permissions within a specific namespace, while a ClusterRole applies permissions across the entire cluster or multiple namespaces. 

In most modern Kubernetes distributions, RBAC is enabled by default, but it must be properly configured to be effective. 

BuildPiper helps manage RBAC by aligning access controls with environments and deployment workflows, reducing manual policy management while maintaining strong governance.