kubernetes-security

Access Kubernetes API without kubectl

别来无恙 submitted on 2019-12-13 16:32:41
Question: I am trying to access the Kubernetes API directly without running kubectl -proxy. But when I use the token of the serviceaccount default, I get a 403. Even after creating a ClusterRole and ClusterRoleBinding for this serviceaccount, the request is rejected with 403. The configuration I applied looks like this: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: pod-reader rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "watch", "list"] --- kind:

kubernetes: CA file when deploying via kops

限于喜欢 submitted on 2019-12-10 15:40:11
Question: I have created a cluster on AWS using kops. However, I am unable to find the file used as/by the certificate authority for spawning off client certs. Does kops create such a thing by default? If so, what is the recommended process for creating client certs? The kops documentation is not very clear about this. Answer 1: I've done it like this in the past: Download the kops-generated CA certificate and signing key from S3: s3://<BUCKET_NAME>/<CLUSTER_NAME>/pki/private/ca/*.key s3://<BUCKET_NAME>/

Where can I get a list of Kubernetes API resources and subresources?

萝らか妹 submitted on 2019-12-04 03:07:38
I am trying to configure Kubernetes RBAC in the least-permissive way possible and I want to scope my roles to specific resources and subresources. I've dug through the docs and can't find a concise list of resources and their subresources. I'm particularly interested in the subresource that governs a part of a Deployment's spec: the container image. Using kubectl api-resources -o wide shows all the resources, verbs and associated API group. $ kubectl api-resources -o wide NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS bindings true Binding [create] componentstatuses cs false

RBAC Error in Kubernetes

痴心易碎 submitted on 2019-12-02 12:35:15
Question: I have deployed Kubernetes v1.8 in my workplace. I created roles for admin and view access to namespaces 3 months ago. In the initial phase RBAC was working as per the access given to the users. Now RBAC is not happening: everyone who has access to the cluster has cluster-admin access. Can you suggest the errors/changes that have to be done? Answer 1: Ensure the RBAC authorization mode is still being used (--authorization-mode=…,RBAC is part of the apiserver arguments). If it is, then check for

RBAC Error in Kubernetes

喜夏-厌秋 submitted on 2019-12-02 04:27:17
I have deployed Kubernetes v1.8 in my workplace. I created roles for admin and view access to namespaces 3 months ago. In the initial phase RBAC was working as per the access given to the users. Now RBAC is not happening: everyone who has access to the cluster has cluster-admin access. Can you suggest the errors/changes that have to be done? Ensure the RBAC authorization mode is still being used (--authorization-mode=…,RBAC is part of the apiserver arguments). If it is, then check for a clusterrolebinding that is granting the cluster-admin role to all authenticated users: kubectl get

chown: changing ownership of '/data/db': Operation not permitted

眉间皱痕 submitted on 2019-11-28 14:33:05
Can we use the nfs volume plugin to maintain High Availability and Disaster Recovery across the Kubernetes cluster? I am running a pod with MongoDB. I am getting the error chown: changing ownership of '/data/db': Operation not permitted. Could anybody please suggest how to resolve the error? (or) Is any alternative volume plugin suggestible to achieve HA-DR in a Kubernetes cluster? Matthew L Daniel: chown: changing ownership of '/data/db': Operation not permitted. You'll want to either launch the mongo container as root, so that you can chown the directory, or if the image prohibits it

chown: changing ownership of '/data/db': Operation not permitted

不羁岁月 submitted on 2019-11-27 08:25:28
Question: Can we use the nfs volume plugin to maintain High Availability and Disaster Recovery across the Kubernetes cluster? I am running a pod with MongoDB. I am getting the error chown: changing ownership of '/data/db': Operation not permitted. Could anybody please suggest how to resolve the error? (or) Is any alternative volume plugin suggestible to achieve HA-DR in a Kubernetes cluster? Answer 1: chown: changing ownership of '/data/db': Operation not permitted. You'll want to either launch the