Kubernetes RBAC (role-based access control) is the authorization system that determines who can perform which actions on which resources. It uses Roles (which define permissions), RoleBindings (which assign roles to users or service accounts), and Service Accounts (which give pods an identity). When a user or pod makes an API call to Kubernetes, the API server checks RBAC to decide whether the caller is authorized. If it is, the request proceeds; if not, the API server returns 403 Forbidden. RBAC is declarative: you define the objects in YAML and apply them to the cluster. It scales from a single developer to multi-team organizations with different permission levels.
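
The three objects described above, as an added example manifest that is not from the original page: a service account that may only read pods in one namespace. The namespace `demo`, every object name and the container image are assumptions chosen for illustration.

```yaml
# Constructed example: namespace "demo" and all object names are assumptions.
# Service Account: the identity a pod presents to the API server.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-reader
  namespace: demo
---
# Role: a namespaced set of permissions. RBAC rules are additive, so any
# verb or resource not listed here is denied.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-read-only
  namespace: demo
rules:
  - apiGroups: [""]                  # "" is the core API group, where pods live
    resources: ["pods"]
    verbs: ["get", "list", "watch"]  # read-only: no create, update or delete
---
# RoleBinding: grants the Role to the service account, in this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-reader-binding
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: pod-reader
    namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-read-only
---
# Pod that runs under the service account and inherits only its permissions.
apiVersion: v1
kind: Pod
metadata:
  name: reader
  namespace: demo
spec:
  serviceAccountName: pod-reader
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
```

After `kubectl apply -f` on this file, `kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:pod-reader` answers `yes`, while the same check with `delete pods` answers `no`, which is the case where the API server returns 403 Forbidden.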