Kubernetes RBAC with serviceaccount for every new user

TAGS: kubernetes auth docker

Authentication of new k8s users via serviceaccount with RBAC role

  1. Configure RBAC on your cluster (pass --authorization-mode=RBAC to kube-apiserver)
  2. Log in via ssh to any Linux machine, install kubectl and jq
    ssh vm1
    apt update; apt -y install jq
    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
    chmod +x kubectl
    mv kubectl /usr/local/bin
  3. Create kubeconfig with admin rights, test it
    mkdir ~/.kube
    vim ~/.kube/config
    config
    kubectl get no
  4. Create the adduser.sh file
    adduser.sh
    chmod +x adduser.sh
  5. Modify or cut out the last section of adduser.sh, the part with the Role and RoleBinding yaml
  6. Execute the script, then create the Role and RoleBinding for the new user
    ./adduser.sh cooluser
    kubectl create -f role.yaml
    kubectl create -f cooluser_role_bond.yaml
    sample role sample binding
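
The objects from steps 5 and 6 could look like the following. This is an added example, not the post's adduser.sh or its linked sample files; the namespace `dev`, the object names and the read-only pod rules are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the post's adduser.sh: render a per-user ServiceAccount with
# a namespaced, read-only Role and its RoleBinding. Names and rules are assumptions.

# Accept only DNS-1123 label characters so input cannot inject YAML.
valid_name() {
  case $1 in
    ''|*[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

render_rbac() {
  local user=$1 ns=$2
  valid_name "$user" && valid_name "$ns" || { echo "invalid name" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${user}
  namespace: ${ns}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${user}-role
  namespace: ${ns}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${user}-role-binding
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: ${user}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${user}-role
EOF
}
```

Pipe the output of `render_rbac cooluser dev` to `kubectl apply -f -`, then confirm the grant with `kubectl auth can-i --list --as=system:serviceaccount:dev:cooluser -n dev` before handing out the kubeconfig.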
Written on November 22, 2017
