Cybersecurity
Kubernetes
Subjective
Oct 07, 2025
Explain Kubernetes RBAC (Role-Based Access Control) and how to implement security best practices.
Detailed Explanation
RBAC in Kubernetes provides fine-grained access control by defining who can perform what actions on which resources.

RBAC Components:
• Role: Defines permissions within a namespace
• ClusterRole: Defines cluster-wide permissions
• RoleBinding: Binds a Role to subjects in a namespace
• ClusterRoleBinding: Binds a ClusterRole to subjects
• Subject: User, group, or service account

Permission Model:
• Verbs: get, list, create, update, delete, watch
• Resources: pods, services, deployments, etc.
• API Groups: core, apps, extensions, etc.
• Resource Names: Specific resource instances

Example Role:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: production
  name: pod-reader
rules:
- apiGroups: [""]   # "" is the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]   # read-only access

Example RoleBinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: production
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:   # must name a Role in the same namespace (or a ClusterRole)
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

Best Practices:
• Principle of least privilege
• Use service accounts for applications
• Implement network policies
• Enable audit logging
• Regular access reviews
• Use Pod Security Standards
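
How the Role and RoleBinding above combine into an allow decision, as an added example (not part of the original page and not Kubernetes' own code). It is a simplified model that handles only User subjects and namespaced Roles; the function names are hypothetical.

```python
# Added example: simplified model of an RBAC allow decision.
# ROLE and BINDING mirror the page's pod-reader Role and read-pods RoleBinding.
ROLE = {
    "kind": "Role",
    "metadata": {"namespace": "production", "name": "pod-reader"},
    "rules": [{"apiGroups": [""], "resources": ["pods"],
               "verbs": ["get", "watch", "list"]}],
}
BINDING = {
    "kind": "RoleBinding",
    "metadata": {"namespace": "production", "name": "read-pods"},
    "subjects": [{"kind": "User", "name": "jane"}],
    "roleRef": {"kind": "Role", "name": "pod-reader"},
}

def _matches(values, wanted):
    # "*" in a rule field matches everything, which is why wildcards
    # work against least privilege.
    return "*" in values or wanted in values

def rule_allows(rule, api_group, resource, verb, name=""):
    names = rule.get("resourceNames", [])  # empty list means "any instance"
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb)
            and (not names or name in names))

def is_allowed(roles, bindings, user, namespace, api_group, resource, verb, name=""):
    # RBAC is purely additive: there are no deny rules, so a request is
    # allowed as soon as one bound rule matches and denied otherwise.
    for b in bindings:
        if b["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only grants access in its own namespace
        subjects = b.get("subjects", [])
        if not any(s["kind"] == "User" and s["name"] == user for s in subjects):
            continue
        ref = b["roleRef"]
        for r in roles:
            same_role = (r["kind"] == ref["kind"]
                         and r["metadata"]["name"] == ref["name"]
                         and r["metadata"].get("namespace") == namespace)
            if same_role and any(rule_allows(x, api_group, resource, verb, name)
                                 for x in r["rules"]):
                return True
    return False

if __name__ == "__main__":
    for verb in ("get", "delete"):
        print(verb, is_allowed([ROLE], [BINDING], "jane", "production", "", "pods", verb))
```

On a live cluster the same question is answered by `kubectl auth can-i get pods --as jane -n production`.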