Kubernetes 101 : Adding security and resource limits to our namespaces
We start by creating our namespace using the below command:
We can now make our namespace secure by restricting access to it.
We could bind a "restrictive" cluster role to users using a role binding object within our namespace.
We create a RoleBinding object inside our namespace as follows:
Below is a cluster role that could only list pods:
If there are no other role bindings associating users to other roles, the users could only access this namespace.
To limit the resources the namespace could access to "2" processor cores and "20 GB" of memory, we set these values for both the resource requests and the resource limits for the pods living in that namespace as follows:
Comments