Learn how to apply the principle of least privilege to Kubernetes RBAC policies
Use ClusterRoles and ClusterRoleBindings appropriately
Use the 'kubectl who-can' plugin to test whether your cluster complies with the above-mentioned best practices
Providing the right access to administer your Kubernetes cluster is crucial. It reduces exposure and vulnerability, but it is hard to manage and visualize with 'kubectl' and the Kubernetes API directly. There are certain best practices to apply, but they are typically not enforced by default Kubernetes cluster deployments.
In this webinar we're going to show you an open source tool developed at Aqua, a 'kubectl' plugin called 'who-can', for auditing your cluster's RBAC configuration to find some of the vulnerabilities.