
Kubernetes-RBAC

 Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.

LAB

kubectl create ns finance

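openssl genrsa -out john.key 2048  # creates john's private key

# CN becomes the Kubernetes user name, O becomes the group
openssl req -new -key john.key -out john.csr -subj "/CN=john/O=javadeveloper"


# sign the CSR with the cluster CA (run where the CA key is readable, e.g. the control-plane node)
openssl x509 -req -in john.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out john.crt -days 500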


#Create a role for namespace finance with resource permission 
#role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: finance
  name: deployment-manager
rules:
- apiGroups: ["","extensions","apps"]
  # "" is the core API group (pods); deployments and replicasets are in "apps"
  # ("extensions" is the legacy group they were served from)
  resources: ["deployments","replicasets","pods"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]


kubectl create -f role.yaml



#rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
# This role binding grants "john" the "deployment-manager" Role in the "finance" namespace.
# You need to already have a Role named "deployment-manager" in that namespace.
kind: RoleBinding
metadata:
  name: deployment-manager-binding
  namespace: finance
subjects:
# You can specify more than one "subject"
- kind: User
  name: john
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # "roleRef" specifies the binding to a Role / ClusterRole
  kind: Role #this must be Role or ClusterRole
  name: deployment-manager # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: rbac.authorization.k8s.io


kubectl create -f rolebinding.yaml


kubectl config set-credentials john --client-certificate=/home/ubuntu/temp/john.crt --client-key=/home/ubuntu/temp/john.key


kubectl config set-context developer-context --cluster=kubernetes --namespace=finance --user=john

kubectl config use-context developer-context

kubectl config delete-context kubernetes-admin@kubernetes

Install client

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl


chmod +x ./kubectl


sudo mv ./kubectl /usr/local/bin/kubectl

kubectl version --client


Assuming you are logged in as the root user and kubectl is installed, you need a $HOME/.kube directory; create it if it does not exist.

ls $HOME/.kube

Copy the config file into the .kube directory.

kubectl config view

kubectl get pods -n finance

kubectl run nginx-pod --image=nginx -n finance

kubectl get pods -n finance
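
To confirm that the Role and RoleBinding give john what role.yaml lists and nothing more, the following added example (not part of the original lab) asks the API server with kubectl auth can-i about a set of allowed and denied actions. The expected answers are constructed from role.yaml above, and the function and variable names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original lab): audit what the current kubectl
# identity may do. Run it with developer-context active, i.e. as user john.

# audit_rbac: one `kubectl auth can-i` query per row of the matrix below.
# Rows are constructed from role.yaml: verb, resource, namespace, expected answer.
# Prints a line per check; the return value is the number of mismatches.
audit_rbac() {
  rbac_failures=0
  while read -r rbac_verb rbac_res rbac_ns rbac_want; do
    # can-i exits non-zero on "no", so ignore the status and read the answer.
    rbac_out=$(kubectl auth can-i "$rbac_verb" "$rbac_res" -n "$rbac_ns" 2>/dev/null) || true
    rbac_got=${rbac_out%% *}   # first word only; a denial may carry a reason
    if [ "$rbac_got" = "$rbac_want" ]; then
      echo "ok    $rbac_verb $rbac_res -n $rbac_ns: $rbac_got"
    else
      echo "FAIL  $rbac_verb $rbac_res -n $rbac_ns: got '${rbac_got:-error}', want $rbac_want"
      rbac_failures=$((rbac_failures + 1))
    fi
  done <<'EOF'
create deployments finance yes
delete pods finance yes
list replicasets finance yes
get secrets finance no
get configmaps finance no
create rolebindings finance no
list pods default no
EOF
  return "$rbac_failures"
}

# Run only where kubectl is installed; mismatches mean the grant differs from role.yaml.
if command -v kubectl >/dev/null 2>&1; then
  audit_rbac || echo "effective permissions differ from role.yaml"
fi
```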
