RBAC

In this training, we will learn how to create role-based access control (RBAC) for a user, granting access to specific k8s cluster resources.

Before you get started, navigate to the folder 24_rbac from the CLI.

Inspect the definition files and create the serviceaccount, clusterrole and clusterrolebinding

cat serviceaccount.yaml
cat clusterrole.yaml
cat clusterrolebinding.yaml
kubectl create -f serviceaccount.yaml
kubectl create -f clusterrole.yaml
kubectl create -f clusterrolebinding.yaml

Inspect the pod.yaml definition file and create the pod

cat pod.yaml
kubectl create -f pod.yaml

Exec into the container

kubectl exec -it my-pod -- /bin/sh

Inspect the serviceaccount folder

cd /var/run/secrets/kubernetes.io/serviceaccount/
ls 

Set the TOKEN variable

TOKEN=$(cat token)

Try to access the api-server

  • List the pods - this is allowed

    curl -s https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/pods/ --header "Authorization: Bearer $TOKEN" --cacert ca.crt 
  • List the services - you should get a 403 status code back

    curl -s https://kubernetes.default.svc.cluster.local/api/v1/namespaces/default/services/ --header "Authorization: Bearer $TOKEN" --cacert ca.crt 
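
The two curl checks above can be scripted so that the expected outcome is asserted rather than read off the screen, and so that a 403 (token accepted, RBAC denies the request) is told apart from a 401 (token rejected). This is an added example, not part of the original training; the function names and the SA_DIR and API variables are assumptions, and it presumes the pod image ships curl, as the commands above do.

```shell
#!/bin/sh
# Added example: assert the RBAC outcome of the training by HTTP status code.
# SA_DIR, API and all function names are assumptions made for this sketch.
SA_DIR=${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}
API=${API:-https://kubernetes.default.svc.cluster.local}

# Print the HTTP status code for listing a core/v1 resource in a namespace.
api_status() {
  ns=$1; resource=$2
  curl -s -o /dev/null -w '%{http_code}' \
    --header "Authorization: Bearer $TOKEN" --cacert "$SA_DIR/ca.crt" \
    "$API/api/v1/namespaces/$ns/$resource/"
}

# Map a status code to what it says about authentication vs. authorization.
explain_status() {
  case $1 in
    200) echo "allowed" ;;
    401) echo "unauthenticated" ;;  # token missing, expired or rejected
    403) echo "forbidden" ;;        # token accepted, RBAC denies this request
    000) echo "unreachable" ;;      # curl got no response (DNS, TCP or TLS failure)
    *)   echo "unexpected" ;;
  esac
}

# Compare the actual outcome for one resource with the expected one.
check_access() {
  resource=$1; expected=$2
  code=$(api_status default "$resource")
  actual=$(explain_status "$code")
  echo "$resource: HTTP $code ($actual), expected $expected"
  [ "$actual" = "$expected" ]
}

# Run both checks from the training; the return value is the number of mismatches.
verify_rbac() {
  TOKEN=$(cat "$SA_DIR/token" 2>/dev/null)
  failures=0
  check_access pods allowed       || failures=$((failures + 1))
  check_access services forbidden || failures=$((failures + 1))
  return "$failures"
}
```

Source the script inside the container and call `verify_rbac`; a non-zero return means the service account has more or less access than the training intends.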

Cleanup

kubectl delete -f .
