- Create a namespace

```bash
kubectl create ns project
```

- Generate the developer key

```bash
openssl genrsa -out developer.key 2048
```

- Generate the developer CSR. Kubernetes takes the user name from the certificate's CN and the group from O, so the CN must match the subject named in the RoleBinding.

```bash
openssl req -new -key developer.key -out developer.csr -subj "/CN=developer/O=developer"
```

- List the Kubernetes certificates

```bash
ls -tlh /etc/kubernetes/pki/
```

- Sign the CSR with the Kubernetes Certificate Authority

```bash
sudo openssl x509 -req -in developer.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out developer.crt -days 365
```
- Create a Role for the namespace

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: project
  name: deployment-manager
rules:
  - apiGroups: ["", "extensions", "apps"]
    # Resource names are the plural API names
    resources: ["deployments", "replicasets", "pods", "services"] # You can also use ["*"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
```
- Create the Role Binding

```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: project
  name: deployment-manager-binding
subjects:
  - kind: User
    name: developer # must match the CN of the signed certificate
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployment-manager
  apiGroup: rbac.authorization.k8s.io
```
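- After applying both manifests, download the certificates to the developer's machine (replace USER@CONTROL_PLANE_HOST with your own login and host):

```bash
scp USER@CONTROL_PLANE_HOST:~/dev-certs/* /Users/Ody/Desktop/certs/
```

Then we proceed to the developer's machine.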
- Set the credentials and the local context

```bash
# Set up the developer credentials
kubectl config set-credentials developer --client-certificate=developer.crt --client-key=developer.key
# Set up the local context
kubectl config set-context local --cluster=local-cluster --namespace=project --user=developer
```
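
What the `deployment-manager` Role grants once the procedure above is complete, as an added example that is not part of the original page: a simplified Python model of RBAC rule matching (exact strings or `"*"`, no subresources, resourceNames or ClusterRoles). The function names and the two comparison rule sets are assumptions constructed for illustration.

```python
# Added example: simplified model of how a namespaced Role is evaluated.
# The rule below mirrors the page's deployment-manager Role.
ROLE_NAMESPACE = "project"
ROLE_RULES = [{
    "apiGroups": ["", "extensions", "apps"],
    "resources": ["deployments", "replicasets", "pods", "services"],
    "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"],
}]
BOUND_USERS = {"developer"}  # subject of deployment-manager-binding


def _matches(allowed, value):
    """A rule list matches on an exact string or on the "*" wildcard."""
    return "*" in allowed or value in allowed


def can_i(user, verb, api_group, resource, namespace, rules=ROLE_RULES):
    """Return True if the binding lets `user` perform the request."""
    if user not in BOUND_USERS or namespace != ROLE_NAMESPACE:
        return False  # a Role grants nothing outside its own namespace
    return any(
        _matches(r["verbs"], verb)
        and _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        for r in rules
    )


# Constructed variants, to compare against the Role above.
SINGULAR_RULES = [dict(ROLE_RULES[0], resources=["deployment", "pods"])]
WILDCARD_RULES = [dict(ROLE_RULES[0], resources=["*"])]

if __name__ == "__main__":
    dev = "developer"
    checks = [
        ("create deployments in project",
         can_i(dev, "create", "apps", "deployments", "project")),
        ("list pods in default",
         can_i(dev, "list", "", "pods", "default")),
        ("get secrets in project",
         can_i(dev, "get", "", "secrets", "project")),
        ("create deployments, singular resource name",
         can_i(dev, "create", "apps", "deployments", "project", SINGULAR_RULES)),
        ("get secrets, resources: ['*']",
         can_i(dev, "get", "", "secrets", "project", WILDCARD_RULES)),
    ]
    for label, allowed in checks:
        print(f"{label:45} {'yes' if allowed else 'no'}")
```

On a live cluster, `kubectl auth can-i create deployments --namespace project --as developer` answers the same questions against the real authorizer.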