├── README.md
├── role.yaml
├── role-binding.yaml
└── steps.shell

/README.md:
--------------------------------------------------------------------------------
# rbac-kubernetes-minikube
Create users with assigned roles in Kubernetes

This repository is used at the article published in Medium:
https://medium.com/@HoussemDellai/rbac-with-kubernetes-in-minikube-4deed658ea7b

--------------------------------------------------------------------------------
/role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role granting read-only access to Pod objects in "default".
# Because this is a Role (not a ClusterRole), it grants nothing outside the
# namespace named in metadata.namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-reader
rules:
# Only the "pods" resource is listed. Subresources such as pods/log and
# pods/exec are separate RBAC resources and are not granted by this rule.
# Read access still exposes the full pod spec, including any environment
# values written inline in the manifest.
- apiGroups: [""] # the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
--------------------------------------------------------------------------------
/role-binding.yaml:
--------------------------------------------------------------------------------
# Binds the pod-reader Role to one user inside the "default" namespace.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: default
subjects:
# Kubernetes has no User object; this name is compared with the identity the
# authenticator reports. steps.shell issues a client certificate with
# CN=user1, which is what makes this subject match.
- kind: User
  name: user1
  apiGroup: rbac.authorization.k8s.io
# roleRef cannot be edited after creation; pointing the binding at another
# role means deleting and recreating it.
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/steps.shell:
--------------------------------------------------------------------------------
# Walkthrough: create a client-certificate identity "user1" for a minikube
# cluster. The commands are meant to be run one at a time, in order.

# generate .key
# NOTE(review): confirm user1.key ends up readable only by its owner
# (ls -l user1.key). Once the certificate below is signed, whoever holds this
# key can authenticate to the cluster as user1.
openssl genrsa -out user1.key 2048

# generate .csr
# With client-certificate authentication the API server takes the user name
# from CN and the group memberships from O. Here that is user "user1" in group
# "eralabs". role-binding.yaml binds only the user, so the group carries no
# permissions in this repository.
openssl req -new \
  -key user1.key \
  -out user1.csr \
  -subj "/CN=user1/O=eralabs"

ls ~/.minikube/
# Check that the files ca.crt and ca.key exist in the location.
# ca.key is the private key of the minikube CA that signs the certificate in
# the next step.
# Second half of the walkthrough. It signs the CSR created earlier in this
# script (user1.csr / user1.key), registers the identity in kubeconfig, and
# shows access before and after the Role and RoleBinding are applied.
# The commands are order-dependent because each `use-context` changes which
# identity the following kubectl calls run as.

# generate .crt
# Signs the CSR directly with the minikube CA key. Anyone able to read ca.key
# can issue a certificate for any user or group name, so direct signing suits a
# local lab; on a shared cluster, client certificates are normally requested
# through the CertificateSigningRequest API so that issuance is approved and
# recorded.
# -CAcreateserial creates the CA serial-number file if it does not exist yet.
# -days 500 makes the certificate valid for 500 days. Kubernetes does not check
# revocation for client certificates, so until expiry the practical ways to cut
# access are removing the RBAC bindings or rotating the CA.
openssl x509 -req \
  -in user1.csr \
  -CA ~/.minikube/ca.crt \
  -CAkey ~/.minikube/ca.key \
  -CAcreateserial \
  -out user1.crt \
  -days 500

# Register the credential in kubeconfig. Without --embed-certs the kubeconfig
# entry refers to the certificate and key files rather than embedding them, so
# both files must stay in place and protected.
kubectl config set-credentials user1 \
  --client-certificate=user1.crt \
  --client-key=user1.key

# A context ties together a cluster, a default namespace and a user entry.
kubectl config set-context user1-context \
  --cluster=minikube \
  --namespace=default \
  --user=user1

# Print the kubeconfig to check the new user and context entries.
kubectl config view

# From here on kubectl authenticates as user1.
kubectl config use-context user1-context

kubectl config current-context

# RBAC denies by default. user1 authenticates successfully, but no role is
# bound to it yet, so both requests are rejected at the authorization step.
kubectl create namespace ns-test # Forbidden
kubectl get pods # Forbidden

# Role & RoleBinding

# Switch back to the minikube context to create the RBAC objects.
# NOTE(review): presumably this context is the cluster administrator in a
# default minikube setup; confirm.
kubectl config use-context minikube

kubectl apply -f role.yaml

kubectl apply -f role-binding.yaml

kubectl get roles

kubectl get rolebindings

# Re-run the same two requests as user1 to see the effect of the binding.
# From the admin context, `kubectl auth can-i list pods --as user1` answers the
# same question without switching contexts.
kubectl config use-context user1-context

# Expected to stay Forbidden: role.yaml grants only get/watch/list on pods in
# "default", and namespaces are a cluster-scoped resource it does not mention.
kubectl create namespace ns-test

# Expected to succeed now for the "default" namespace.
kubectl get pods