Kubernetes RBAC
https://discuss.kubernetes.io/t/how-to-create-user-in-kubernetes-cluster-and-give-it-access/9101
https://kubernetes.io/docs/reference/access-authn-authz/authentication/
https://jeremievallee.com/2018/05/28/kubernetes-rbac-namespace-user.html
After going through all the above-mentioned block, I found the solution below.

Create user CSR

    # openssl req prompts for the subject; Kubernetes takes the user name
    # from the certificate's Common Name (CN), so enter user1 there
    openssl genrsa -out user1.key 2048
    openssl req -new -key user1.key -out user1.csr

Approve CSR

    # Sign the CSR with the cluster CA; the certificate is valid for 500 days
    openssl x509 -req -in user1.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out user1.crt -days 500

Create Role or ClusterRole

    cat role.yml

    # rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22;
    # current clusters need rbac.authorization.k8s.io/v1
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      namespace: test-namespace
      name: user1-role
    rules:
    - apiGroups: ["", "extensions", "apps"]
      resources: ["deployments", "pods", "services"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Create RoleBindings

    cat binding.yml

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: user1-rolebinding
      namespace: test-namespace
    subjects:
    # subjects is a list; name must equal the CN of the user's certificate
    - kind: User
      name: user1
      apiGroup: ""
    roleRef:
      kind: Role
      name: user1-role
      apiGroup: ""

Use it

    kubectl config set-credentials user1 --client-certificate=/root/user1.crt --client-key=user1.key
    kubectl config set-context user1-context --cluster=kubernetes --namespace=test-namespace --user=user1
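What the Role and RoleBinding above actually grant user1 can be checked with a small model of the RBAC matching logic. This is an added example, not part of the quoted solution or of Kubernetes itself; the function names and the sample requests are constructed for illustration, and resourceNames, nonResourceURLs, ClusterRoles and Group subjects are not modelled.

```python
# Simplified model of how RBAC evaluates the Role and RoleBinding above (added example).
# Assumption: the request's user name is the CN of the client certificate.
ROLE = {  # user1-role, copied from role.yml
    "namespace": "test-namespace",
    "name": "user1-role",
    "rules": [{
        "apiGroups": ["", "extensions", "apps"],
        "resources": ["deployments", "pods", "services"],
        "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"],
    }],
}
BINDING = {  # user1-rolebinding, copied from binding.yml
    "namespace": "test-namespace",
    "subjects": [{"kind": "User", "name": "user1"}],
    "roleRef": {"kind": "Role", "name": "user1-role"},
}

def _matches(allowed, value):
    """A rule field matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or value in allowed


def is_allowed(user, verb, api_group, resource, namespace, role=ROLE, binding=BINDING):
    """True if the binding grants the request; RBAC has no deny rules, so no match means deny."""
    # A RoleBinding grants access only inside its own namespace.
    if namespace != binding["namespace"] or role["namespace"] != binding["namespace"]:
        return False
    ref = binding["roleRef"]
    if ref["kind"] != "Role" or ref["name"] != role["name"]:
        return False
    # The user name must equal a User subject exactly (comparison is case-sensitive).
    if not any(s["kind"] == "User" and s["name"] == user for s in binding["subjects"]):
        return False
    return any(
        _matches(r["verbs"], verb) and _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        for r in role["rules"]
    )

if __name__ == "__main__":
    # Constructed sample requests: (user, verb, apiGroup, resource, namespace)
    for req in [
        ("user1", "delete", "", "pods", "test-namespace"),
        ("user1", "get", "", "secrets", "test-namespace"),
        ("user1", "create", "", "pods/exec", "test-namespace"),
        ("user1", "list", "", "pods", "kube-system"),
        ("User1", "get", "", "pods", "test-namespace"),
    ]:
        print(req, "->", "allow" if is_allowed(*req) else "deny")
```

On a live cluster, `kubectl auth can-i delete pods --as user1 -n test-namespace` puts the same question to the API server.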