Skip to content
~/jwright▮
AboutSkillsProjectsBlogContact

#Tag

Posts tagged “rbac”

← All posts

  1. SECURITY SERIES · 0323 June 2026·3 min read

    Every pod holds a key to a door it never opens

    Least privilege for Kubernetes workloads doesn't start with an RBAC role — it starts with revoking the API token every pod silently carries, then layering identity, non-root, and Pod Security on top.

    • kubernetes
    • security
    • least-privilege
    • rbac
    • service-accounts
jonny@bztmon:~ · session receipt✓ Synced · Healthy

$ whoami

Jonathon Wright— Platform & Infrastructure Engineer

$ traceroute www.bztmon.com

served from a homelab Kubernetes cluster, over an encrypted tunnel

$ git log -1 --format=receipt

HEAD ac333e2· built 2026-07-14 08:44Z· reconciled by ArgoCD

$ contact --priority low-ms

ping me on LinkedIn or email — everything else is best-effort delivery.

$

© 2026 Jonathon Wright·CC BY-NC-SA 4.0·built with Astro, shipped via GitOps