Role Based Access Control

RBAC
Tips and Tricks

For simulated practice problems, visit Killercoda.
  1. Create a role named developer that can perform any action on pods and services.

    Solution

    # file role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: developer
    rules:
    - apiGroups: [""]
      resources: ["pods", "services"]
      verbs: ["*"]
    
    
    # using the imperative command (quote * so the shell does not glob-expand it)
    k create role developer --resource=pods,services --verb='*'

  2. Create a user ardino. The certificate and key are provided as user.crt and user.key.

    Setup

    # Step 1: Generate a private key and CSR
    openssl genrsa -out user.key 2048
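    # The API server takes the username from the certificate CN (and groups from O),
    # so the CN must be the name the RoleBinding refers to: ardino
    openssl req -new -key user.key -out user.csr -subj "/CN=ardino/O=users"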
    
    # Step 2: Sign the CSR with the Kubernetes CA
    # Assuming the Kubernetes CA files are located at /etc/kubernetes/pki/
    openssl x509 -req -in user.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out user.crt -days 365
    

    Solution

    # create the user entry in kubeconfig
    k config set-credentials ardino --client-certificate=user.crt --client-key=user.key

  3. Create a role binding named developer-rolebinding.

    Solution

    # create rolebinding
    k create rolebinding developer-rolebinding --user=ardino --role=developer
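
To confirm that the three steps above grant what was intended and nothing more, the following added example (not part of the original exercise) impersonates the user with `kubectl auth can-i`. The function names `expect` and `verify_developer_binding` are hypothetical, and it assumes the Role lives in the `default` namespace and that your kubeconfig is allowed to impersonate users.

```shell
#!/bin/sh
# Added example: check what the developer Role and developer-rolebinding
# actually grant, by impersonating the user with `kubectl auth can-i`.
# Assumptions: plain `kubectl` (the page's `k` is an alias), a kubeconfig
# allowed to impersonate users, and the Role living in namespace "default".

# expect <yes|no> <user> <namespace> <verb> <resource>
# Returns 0 when the API server's answer matches the expected one.
expect() {
    # can-i prints "yes" or "no[ - reason]" and exits non-zero on "no"
    got=$(kubectl auth can-i "$4" "$5" --as="$2" -n "$3" 2>/dev/null || true)
    case "$got" in
        yes*) got=yes ;;
        no*)  got=no ;;
        *)    got=error ;;
    esac
    [ "$got" = "$1" ] && return 0
    echo "MISMATCH: $2 $4 $5 in $3: expected $1, got $got" >&2
    return 1
}

# verify_developer_binding <user> [namespace]
# Returns 0 only if the user has exactly the access the exercise intends.
verify_developer_binding() {
    vdb_user=$1 vdb_ns=${2:-default} vdb_failed=0
    # Granted: verbs: ["*"] covers every verb on pods and services
    for res in pods services; do
        for verb in get list create delete; do
            expect yes "$vdb_user" "$vdb_ns" "$verb" "$res" || vdb_failed=1
        done
    done
    # Not granted: resources the Role does not list
    expect no "$vdb_user" "$vdb_ns" get secrets || vdb_failed=1
    # Not granted: a Role and RoleBinding only apply inside their namespace
    expect no "$vdb_user" kube-system delete pods || vdb_failed=1
    return "$vdb_failed"
}

# Usage: verify_developer_binding ardino default
```

`--as` tests the RBAC subject name only; for certificate logins the API server uses the certificate's CN as that name, so the CN and the RoleBinding user must match.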