Kubernetes ABAC

Kubernetes ABAC (Attribute-Based Access Control) is an authorization mechanism in Kubernetes that grants or denies access to resources based on attributes (such as user, resource type, or namespace) defined in policies. It allows administrators to create fine-grained access control rules by specifying attributes in JSON policy files, which the Kubernetes API server evaluates when authorizing requests. ABAC was an early authorization option in Kubernetes but has been largely superseded by RBAC (Role-Based Access Control) in modern deployments due to its complexity and limitations.
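
As an added example (not part of the original page and not Kubernetes source code), the following is a simplified Python model of how a request is matched against an ABAC policy file that holds one JSON policy object per line. The sample policy lines, the user and namespace names, and the helper names `load_policies`, `is_allowed` and `broad_rules` are constructed for illustration.

```python
import json

READ_VERBS = {"get", "list", "watch"}
# Constructed sample policy file: one JSON object per line (not from a real cluster).
SAMPLE_POLICY = """\
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "alice", "namespace": "*", "resource": "*", "apiGroup": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "bob", "namespace": "projectCaribou", "resource": "pods", "readonly": true}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"group": "system:authenticated", "readonly": true, "nonResourcePath": "*"}}
"""

def load_policies(text):
    """Parse the policy text line by line, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    return [json.loads(l)["spec"] for l in lines if l and not l.startswith("#")]

def _subject_matches(spec, user, groups):
    # A line must name a user and/or a group, and every subject it names must match.
    named = [(spec.get("user", ""), [user]), (spec.get("group", ""), groups)]
    named = [(want, have) for want, have in named if want]
    return bool(named) and all(want == "*" or want in have for want, have in named)

def _field(spec, key, value):
    # An unset property behaves like the empty string; "*" matches any value.
    return spec.get(key, "") in ("*", value)

def _path_matches(pattern, path):
    # "*" matches every path; a trailing "*" matches any path under that prefix.
    return pattern in ("*", path) or (pattern.endswith("*") and path.startswith(pattern.rstrip("*")))

def is_allowed(specs, user, groups, verb, namespace="", resource="", api_group="", path=None):
    """Allow if any policy line matches; no matching line means deny."""
    for spec in specs:
        if not _subject_matches(spec, user, groups) or (spec.get("readonly", False) and verb not in READ_VERBS):
            continue
        if path is not None:  # non-resource request such as /healthz
            if _path_matches(spec.get("nonResourcePath", ""), path):
                return True
        elif (_field(spec, "namespace", namespace) and _field(spec, "resource", resource)
              and _field(spec, "apiGroup", api_group)):
            return True
    return False

def broad_rules(specs):
    """Audit helper: policy lines granting write access to every namespace and resource."""
    return [s for s in specs if not s.get("readonly", False)
            and s.get("namespace") == "*" and s.get("resource") == "*"]
```

Because a request is allowed as soon as one line matches, a single wildcard line such as the first sample entry is the kind of rule to look for when reviewing a legacy policy file.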

Also known as: Kubernetes Attribute-Based Access Control, K8s ABAC, Kubernetes ABAC Authorization, ABAC in Kubernetes, Kubernetes ABAC Policy

Why learn Kubernetes ABAC?

Developers should learn about Kubernetes ABAC primarily for historical context or when maintaining legacy Kubernetes clusters that still use it, as it was commonly used in versions before 1.6. It is useful for understanding the evolution of Kubernetes security models and for scenarios where attribute-based policies (e.g., granting access based on specific user attributes or resource properties) are required, though RBAC is now the recommended standard for most use cases due to its simplicity and better integration.
