Role-Based Access Control (RBAC) for Kubernetes

Role-based access control (RBAC) manages access to computer or network resources based on the roles of individual users in your organization.

You can automate the process of creating a role by using scripts.

RBAC API Objects

The Commvault software uses the ClusterRole, ClusterRoleBinding, and ServiceAccount objects to access the Kubernetes resources.

For information about RBAC API objects, go to Using RBAC Authorization on the Kubernetes website. For information about service accounts, go to Configure Service Accounts for Pods on the Kubernetes website.

RBAC Authorization for Kubernetes Backups and Restores

Kubernetes backup, restore, and browse operations require a service account that has authorization to the resources that you want to protect.

In general, organizations restrict the use of service accounts that are bound to the cluster-admin ClusterRole. You must create a service account that has the required authorizations to protect Kubernetes applications using the Commvault software.

Permissions for Resources and Sub-Resources

| Resources and sub-resources | Permissions |
| --- | --- |
| pods/exec | * [All] |
| All resources obtained by the kubectl api-resources command | * [All] |
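
The following script is an added example, not Commvault's own script: it renders a ServiceAccount, ClusterRole, and ClusterRoleBinding that grant the permissions listed in the table above. The names backup-sa, backup-ns, and backup-role are placeholders, and the namespace is assumed to exist already.

```shell
# Added example; backup-sa, backup-ns and backup-role are placeholder names.
# Accept only lowercase DNS-1123 labels so an argument cannot inject YAML.
valid_name() {
  case "$1" in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# Print the manifest. $1 = service account, $2 = its namespace (must
# already exist), $3 = name for the ClusterRole and ClusterRoleBinding.
render_rbac_manifest() {
  valid_name "$1" && valid_name "$2" && valid_name "$3" || return 1
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $1
  namespace: $2
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: $3
rules:
- apiGroups: ["*"]   # every resource listed by kubectl api-resources
  resources: ["*"]
  verbs: ["*"]
- apiGroups: [""]    # pods/exec sub-resource, stated explicitly
  resources: ["pods/exec"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $3
subjects:
- kind: ServiceAccount
  name: $1
  namespace: $2
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: $3
EOF
}

# "sh script.sh apply" creates the objects, then checks the bound permission.
if [ "${1:-}" = "apply" ]; then
  render_rbac_manifest backup-sa backup-ns backup-role | kubectl apply -f -
  kubectl auth can-i create pods --subresource=exec --as=system:serviceaccount:backup-ns:backup-sa
fi
```

Because these rules grant every verb on every resource, protect the service account's token with the same care as a cluster-admin credential.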