Achieving Least Privilege Access in Kubernetes
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the fundamentals of Kubernetes permissions, access, and Role-Based Access Control (RBAC) in this 56-minute webinar presented by Aqua Security and Apolicy. Learn about RBAC concepts, how access works in Kubernetes, and methods for defining and enforcing access policies. Discover techniques for assigning roles with the minimum necessary access level to perform specific jobs. Gain practical knowledge on achieving least-privilege access in Kubernetes environments. Cover topics such as Kubernetes Roles, Resources, Subjects, Role Bindings, and advanced concepts like Default Aggregated Cluster Roles. Understand common pitfalls, audit processes, and key methods for managing permissions effectively. Join presenters Eran Leib from Apolicy and Daniel Pacak from Aqua Security as they address common security and compliance challenges in dynamic Kubernetes environments.
Syllabus
Introduction
Agenda
Introductions
Role-based access control
Ongoing maintenance
A common misconception
Kubernetes Roles
What are Roles
What are Resources
Non-Resources
Subjects
Kubernetes Subjects
Kubernetes Role Bindings
Recap
Can-I
Understanding Effective Access
Examples
Advanced Topics
Default
Aggregated Cluster Roles
Role Binding
Common Pitfalls
Auto-populated Groups
List Privilege
Key Method
The compromise
The audit
Steps
Summary
Current Context
Client Certificate
System Masters Group
Service Accounts
Code Token
Audit Log
Cluster Role
Default Service Account
Service Account Flag
Questions
Taught by
CNCF [Cloud Native Computing Foundation]