Example Custom Kubernetes RBAC for Developers

Ahmad Lukman Hakim

Engineer, Jakarta

#kubernetes #security

This article gives an example of a custom Kubernetes RBAC configuration for developers. The example creates developer access intended only for Kubernetes port forwarding (kubectl port-forward).

  • RBAC.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developer-clusterrole
rules:
# The verbs apply to every resource listed in the same rule.
- apiGroups: [""]
  resources: ["pods", "pods/portforward", "services"]
  verbs: ["get", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding  # cluster-wide: the role applies in every namespace
metadata:
  name: developer-clusterrolebinding
subjects:
- kind: ServiceAccount
  name: developer-sa
  namespace: default
roleRef:
  kind: ClusterRole
  name: developer-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: developer-sa
  namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  name: developer-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: developer-sa
# The control plane fills this Secret with a long-lived token for developer-sa.
type: kubernetes.io/service-account-token
  • Example KUBECONFIG
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: <CA Base64>
    server: https://10.9.2.1:6443
  name: your-cluster
contexts:
- context:
    cluster: your-cluster
    namespace: default
    user: developer-sa
  name: your-context
current-context: your-context
users:
- name: developer-sa
  user:
    token: <SA Token>

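Note:
- Get your SA token from the developer-token Secret. The token value stored in the Secret's data is base64-encoded, so decode it before putting it in the kubeconfig.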
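
An added check on the RBAC.yaml manifest above (example code, not part of the original article): it expands the ClusterRole rule into the individual permissions it grants and reports the binding's scope. The rule and binding are transcribed as Python dicts; the helper names and the expectation that only pods/portforward should carry a mutating verb are assumptions of this example.

```python
from itertools import product

# Constructed input: the rule and binding from RBAC.yaml, as Python dicts.
CLUSTER_ROLE_RULES = [{
    "apiGroups": [""],
    "resources": ["pods", "pods/portforward", "services"],
    "verbs": ["get", "list", "create"],
}]
BINDING = {"kind": "ClusterRoleBinding",
           "metadata": {"name": "developer-clusterrolebinding"}}

# Assumption of this example: in a port-forward-only role, the only place a
# mutating verb is expected is the pods/portforward subresource.
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
EXPECTED_MUTATIONS = {("pods/portforward", "create")}


def expand(rules):
    """Return every (resource, verb) pair a rule list grants.

    RBAC evaluates each rule as resources x verbs, so a verb listed once
    applies to every resource in the same rule.
    """
    granted = set()
    for rule in rules:
        granted.update(product(rule["resources"], rule["verbs"]))
    return granted


def unexpected_mutations(rules):
    """Granted mutating permissions outside EXPECTED_MUTATIONS, sorted."""
    return sorted(
        (res, verb) for res, verb in expand(rules)
        if verb in MUTATING_VERBS and (res, verb) not in EXPECTED_MUTATIONS
    )


def binding_scope(binding):
    """A ClusterRoleBinding applies in all namespaces; a RoleBinding in one."""
    if binding["kind"] == "ClusterRoleBinding":
        return "all namespaces"
    return "namespace " + binding["metadata"]["namespace"]


if __name__ == "__main__":
    for res, verb in unexpected_mutations(CLUSTER_ROLE_RULES):
        print(f"also granted: {verb} {res}")
    print("scope:", binding_scope(BINDING))
```

Splitting the rule so that create is listed only with pods/portforward, and binding with a RoleBinding in one namespace, makes both checks come back clean.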

© 2026 LUKMANLAB
