What is the role of RBAC in container orchestration platforms?

Prepare for the Cyber ProKnow AI Test with multiple choice questions, detailed explanations, and tailored study resources. Enhance your skills and confidence to excel in the exam!

Multiple Choice

What is the role of RBAC in container orchestration platforms?

Explanation:
Role-based access control determines who can access and modify resources inside a container orchestration platform. It works by defining roles that grant specific permissions (like read, create, update, delete) on API resources such as pods, deployments, services, and namespaces, and then binding those roles to users or service accounts. This setup enforces least privilege: a user might be allowed to view resources in a namespace but not delete them, or a service account might be permitted to create deployments but not alter cluster-wide settings. In Kubernetes this is implemented with Roles and ClusterRoles plus RoleBindings and ClusterRoleBindings, allowing both namespace-scoped and cluster-wide permissions. So RBAC is about who can do what to resources in the orchestrator. It does not by itself encrypt data in transit (that’s TLS), it doesn’t manage container image versions (handled by registries and CI/CD), and it doesn’t schedule workloads (that’s the scheduler).

