Kube RBAC Proxy
by pcloudhosting
Version 0.20.1+ Free Support on Ubuntu 24.04
kube-rbac-proxy is a lightweight HTTP reverse proxy designed for Kubernetes that uses Kubernetes Role-Based Access Control (RBAC) to authorize incoming requests. It acts as a security layer in front of an application or endpoint—most commonly metrics endpoints—by validating requests against the Kubernetes API server and allowing access only to users or service accounts with the appropriate RBAC permissions.
Features of kube-rbac-proxy:
- Uses Kubernetes RBAC to authorize HTTP and HTTPS requests.
- Acts as a reverse proxy in front of protected endpoints.
- Commonly used to secure Prometheus metrics endpoints.
- Does not require changes to application code.
- Supports TLS for secure communication.
- Works as a sidecar or standalone container in Kubernetes.
Common kube-rbac-proxy Commands:
$ kube-rbac-proxy --version
To Check kube-rbac-proxy Version (Docker):
$ docker run --rm quay.io/brancz/kube-rbac-proxy:v0.20.1 --version
To Check kube-rbac-proxy Version (Kubernetes):
$ kubectl exec -n <namespace> <kube-rbac-proxy-pod> -- kube-rbac-proxy --version
Access kube-rbac-proxy Information:
- Proxy Pod Status:
kubectl get pods -n <namespace> - Proxy Logs:
kubectl logs -n <namespace> <kube-rbac-proxy-pod> - Deployment/Sidecar Info:
kubectl describe pod -n <namespace> <pod-name>
Disclaimer: kube-rbac-proxy is open-source software distributed under the Apache License 2.0. It is maintained by the Kubernetes and open-source community. The software is provided "as is" without warranties of any kind. Users are responsible for configuring RBAC rules, TLS settings, and access policies in accordance with Kubernetes security best practices.