Document

SUBSCRIBE TO GET FULL ACCESS TO THE E-BOOKS FOR FREE 🎁SUBSCRIBE NOW

Language

Join Us:

Facebook-f X-twitter Youtube

Contact Us:

Envelope Whatsapp

#Tags

Jobs
AWS
Part-Time
Full-Time
Remote only
JOBS
EDUCATION
SUPPORT
E-BOOKS

SUBSCRIBE NOW TO GET FREE ACCESS TO EBOOKS

Professional Dropdown with Icon

SUBSCRIBE NOW TO GET FREE ACCESS TO EBOOKS

EDUCATION
JOBS

Kubernetes-RBAC

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.

LAB

kubectl create ns finance

openssl genrsa -out john.key 2048  # it will create a private key

openssl req -new -key john.key -out john.csr -subj “/CN=john/O=javadeveloper”

openssl x509 -req -in john.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out john.crt -days 500

#Create a role for namespace finance with resource permission 
#role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: finance
  name: deployment-manager
rules:
– apiGroups: [“”,”extensions”,”apps”]
  #
  # at the HTTP level, the name of the resource for accessing ConfigMap
  # objects is “configmaps”
  resources: [“deployments”,”replicasets”,”pods”]
  verbs: [“get”, “list”, “watch”, “create”, “update”, “patch”, “delete”]

kubectl create -f role.yaml

#rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows “jane” to read pods in the “default” namespace.
# You need to already have a Role named “pod-reader” in that namespace.
kind: RoleBinding
metadata:
  name: deployment-manager-binding
  namespace: finance
subjects:
# You can specify more than one “subject”
– kind: User
  name: john
  apiGroup: “”
roleRef:
  # “roleRef” specifies the binding to a Role / ClusterRole
  kind: Role #this must be Role or ClusterRole
  name: deployment-manager # this must match the name of the Role or ClusterRole you wish to bind to
  apiGroup: “”

kubectl create -f rolebinding.yaml

kubectl config set-credentials john –client-certificate=/home/ubuntu/temp/john.crt –client-key=/home/ubuntu/temp/john.key

kubectl config set-context developer-context –cluster=kubernetes –namespace=finance –user=john

kubectl config use-context developer-context

kubectl config delete-context kubernetes-admin@kubernetes

—-Install client

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl

 chmod +x ./kubectl

 sudo mv ./kubectl /usr/local/bin/kubectl

 kubectl version –client

Considering that you are logged in as a root user and kubectl installed, then you need to have $HOME/.kube directory if it does not exist then create that directory.

 ls ./$HOME/.kube

Copy the config file under.kube directory

  kubectl  config view

 

 kubectl get pods -n finance

 kubectl  run nginx-pod –image=nginx -n finance

 

 kubectl  get pods -n finance

Share your love
drweb
drweb
Articles: 734

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2023 devopelastichayway.com All rights reserved.