Sign in Subscribe
Concepts

Kubectl and Database Roles

Andrios Robert

1 min read

The database refused the query. You check the logs. The problem isn’t code. It’s permissions. In Kubernetes, database roles are often the quiet failure point. Understanding how to inspect, create, and manage them with kubectl is the difference between a live service and downtime.

Kubectl and Database Roles

kubectl is the primary CLI for interacting with Kubernetes clusters. While it doesn’t manage database roles directly, it gives you command and control over the Pods, Secrets, and ConfigMaps that define how your applications connect to a database. The role definitions live inside the database engine itself, but the manifests and secrets that represent those credentials in Kubernetes are within kubectl’s reach.

Inspecting Roles via kubectl

Start with secrets. Run:

kubectl get secrets
kubectl describe secret <secret-name>

These often store credentials tied to a database role. Review environment variables in Deployment specs:

kubectl get deployment <deployment-name> -o yaml

Trace how the app authenticates. Match the username to a database role in your DBMS.

Updating Database Roles with kubectl

When you need to update a role’s credentials, generate a new secret:

kubectl create secret generic db-credentials \
 --from-literal=username=newuser \
 --from-literal=password=newpass

Update the Deployment to reference this secret. Apply changes:

kubectl apply -f deployment.yaml

Then update the role inside your database using its native tools (psql, mysql, etc.).

Role-Based Access in Kubernetes vs. Database Roles

Do not confuse Kubernetes RBAC roles with database roles. Kubernetes RBAC controls API access inside the cluster. Database roles control permissions inside the database. Your system security depends on keeping both scopes correct and consistent.

Best Practices

  • Store database credentials in Kubernetes Secrets, never plaintext.
  • Rotate credentials when changing database roles.
  • Audit database roles regularly.
  • Use kubectl to verify that credentials in use match intended role policies.

Tight control of database roles through Kubernetes manifests and kubectl commands ensures security and uptime.

See how this works in practice—deploy and configure secure database roles in Kubernetes using hoop.dev. You can see it live in minutes.