Quick Links & Suggestions
Press Enter to search site, Esc to exit
↑↓ Navigate

Explain Kubernetes RBAC and how you would give a service account read-only access to pods.

Hard Topic: Kubernetes May 24, 2026

RBAC (Role-Based Access Control) is the authorization mechanism in Kubernetes. It uses three objects:

  • Role/ClusterRole: Defines what actions are allowed on which resources.
  • ServiceAccount: An identity for pods or external tools.
  • RoleBinding/ClusterRoleBinding: Links a ServiceAccount to a Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
subjects:
- kind: ServiceAccount
  name: my-service-account
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
← Previous How do services in different namespaces communicate in... Next → What is a Kubernetes Ingress and how does...

Practice Similar Questions

What is the purpose of a PodDisruptionBudget (PDB) in Kubernetes?
Medium
Explain the difference between a Liveness probe, Readiness probe, and...
Medium
How do you troubleshoot high memory usage causing OOMKilled events...
Hard
Back to Kubernetes Topics