# Setting Up User Accounts in Kubernetes

1. First, create a namespace:
   ```bash
   kubectl create ns project
   ```
1. Generate the developer key:
   ```bash
   openssl genrsa -out developer.key 2048
   ```
1. Generate the developer CSR:
   ```bash
   openssl req -new -key developer.key -out developer.csr -subj "/CN=developer/O=developer"
   ```
1. List the Kubernetes certificates:
   ```bash
   ls -tlh /etc/kubernetes/pki/
   ```
1. Sign the CSR with the Kubernetes Certificate Authority:
   ```bash
   sudo openssl x509 -req -in developer.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out developer.crt -days 365
   ```
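1. Create a Role for the namespace:
   ```yaml
   kind: Role
   # rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
       namespace: project
       name: deployment-manager
   rules:
     - apiGroups: ["", "extensions", "apps"]
       # Resource names are plural. ["*"] also works, but grants every resource in these API groups.
       resources: ["deployments", "replicasets", "pods", "services"]
       # ["*"] also works, but grants every verb on those resources.
       verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
   ```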
1. Create a RoleBinding:
   ```yaml
   kind: RoleBinding
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
       namespace: project
       name: deployment-manager-binding
   subjects:
     - kind: User
       name: developer  # must match the CN of the client certificate
       apiGroup: rbac.authorization.k8s.io
   roleRef:
       kind: Role
       name: deployment-manager
       apiGroup: rbac.authorization.k8s.io
   ```
1. After applying the Role and RoleBinding, download the certs using:
   ```bash
   scp [email protected]:~/dev-certs/* /Users/Ody/Desktop/certs/
   ```

Then we proceed to the developer's machine.

1. Set the credentials and the local context:
   ```bash
   # Set up dev credentials
   kubectl config set-credentials developer --client-certificate=developer.crt --client-key=developer.key

   # Set up local context
   kubectl config set-context local --cluster=local-cluster --namespace=project --user=developer
   ```
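
Kubernetes takes the username from the certificate's CN and the groups from O, so before `developer.crt` is handed out it is worth checking that it chains to the cluster CA, that its CN matches the `name` in the RoleBinding, and how long it stays valid. The script below is an added example, not part of the original file; it builds a throwaway CA in a temp directory (constructed sample data) in place of `/etc/kubernetes/pki/ca.crt`, and `subject_field`, `check_client_cert` and `make_sample` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: checks to run on a signed client certificate before handing it out.
# Kubernetes takes the username from the subject CN and the groups from O.

# subject_field CERT FIELD -> prints each value of FIELD (CN or O), one per line.
# Simple parser: assumes the values contain no escaped commas.
subject_field() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n "s/^$2=//p"
}

# check_client_cert CA CERT USER [MIN_SECONDS] -> returns 0 only if every check passes.
check_client_cert() {
  ca=$1 cert=$2 user=$3 min=${4:-86400}
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: not signed by $ca"; return 1; }
  [ "$(subject_field "$cert" CN)" = "$user" ] ||
    { echo "FAIL: CN does not match RoleBinding subject '$user'"; return 1; }
  openssl x509 -in "$cert" -noout -checkend "$min" >/dev/null ||
    { echo "FAIL: expires within $min seconds"; return 1; }
  echo "OK: user=$user groups=$(subject_field "$cert" O | tr '\n' ' ')"
}

# make_sample DIR: constructed throwaway CA plus a developer cert
# created with the same openssl steps as above (shorter lifetimes).
make_sample() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=constructed-test-ca" -days 2 &&
    openssl genrsa -out developer.key 2048 &&
    openssl req -new -key developer.key -out developer.csr \
      -subj "/CN=developer/O=developer" &&
    openssl x509 -req -in developer.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out developer.crt -days 1 ) >/dev/null 2>&1
}

# Demo run against the constructed sample.
demo=$(mktemp -d)
make_sample "$demo" &&
  check_client_cert "$demo/ca.crt" "$demo/developer.crt" developer 3600
```

On the master, the same check would be run as `check_client_cert /etc/kubernetes/pki/ca.crt developer.crt developer`.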