You can use this script for generate kubeconfig using role for specific namespace or cluster role for cluster
- Use chmod to allow execute script
chmod u+x *.sh
- define you USER_NAME and NAMESPACE
export USER_NAME=developer
export NAMESPACE=mynamespace
- Create manifest
./create_manifest.sh
- Apply to kubernetes
kubectl apply -f rbac_manifests.yaml
- Create kubeconfig
./create_kubeconfig.sh
- You can use new config to test
kubectl --kubeconfig config get pods
- define you USER_NAME
export USER_NAME=developer
- Create manifest
./create_manifest_cluster_role.sh
- Apply to kubernetes
kubectl apply -f rbac_manifests.yaml
- Create kubeconfig
./create_kubeconfig_cluster_role.sh
- You can use new config to test
kubectl --kubeconfig config get pods
###Update Rules
- Take a look in create_manifest script. Here you can update rule to your RBAC
rules:
- apiGroups: [""]
resources: ["pods", "services", "namespaces", "nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods/portforward"]
verbs: ["create", "get", "update", "list", "delete", "watch", "patch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles", "clusterrolebindings"]
verbs: ["get", "list", "watch"]