Since Kubernetes 1.6, RBAC is enabled by default. In RBAC, the admin creates several Roles or ClusterRoles that define the fine-grained permissions that specify a set of resources and actions (verbs) that roles can access and manipulate. After that, the admin grants the Role permission to users through RoleBinding or ClusterRoleBindings.
If you're running minikube, add --extra-config=apiserver.Authorization.Mode=RBAC when using minikube start. If you're running a self-hosted cluster on AWS via kops, add --authorization=rbac when launching the cluster. Kops launches an API server as a pod; using the kops edit cluster command could modify the spec of the containers. EKS and GKE support RBAC natively.