Cloud & Infrastructure
Practical
By Samson Tanimawo, PhD
Published Jan 4, 2026
4 min read
Kubernetes RBAC Scoping
RBAC misconfigurations typically grant too much. This is the scoping pattern that produces tight, reviewable RBAC.
Namespace-scoped
Default to Roles, not ClusterRoles, and bind them with a RoleBinding in the namespace.
Reserve ClusterRoles for genuinely cluster-wide concerns (cert-manager, ingress-nginx).
Specific verbs
Avoid '*'. List the verbs exactly: get, list, watch for read access; create, update, delete for write access.
Audit grep: any rule with verbs: ['*'] or resources: ['*'] is suspect.
Quarterly review
For each role: who is bound to it, and is that binding still appropriate?
Stale bindings are common; clean them up.