Shell scripts to help automate RBAC setup on test Kubernetes clusters
The primary purpose is to create:
- a service account
- a namespace
- RBAC rules that restrict the service account to only read/write to that namespace
- RBAC rules that let the service account read Node information
- a kubeconfig for the service account
$ ./create-restricted-namespace.sh [namespace]
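The objects listed above, rendered as a manifest by an added example that is not this project's script. The object names, API groups and verb list are assumptions, and the kubeconfig step is left out because it needs a live cluster token.

```shell
# Added example, not create-restricted-namespace.sh itself.
# Object names ("-user", "-full-access", "-node-reader") are assumptions.
valid_namespace() (  # DNS-1123 label only, so the value cannot alter the YAML
  LC_ALL=C
  [ "${#1}" -le 63 ] || exit 1
  case "$1" in ''|*[!a-z0-9-]*|-*|*-) exit 1 ;; esac
)

render_rbac_manifest() {
  ns=$1; sa="${ns}-user"; api=rbac.authorization.k8s.io
  valid_namespace "$ns" || { echo "invalid namespace name" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata: {name: "$ns"}
---
apiVersion: v1
kind: ServiceAccount
metadata: {name: "$sa", namespace: "$ns"}
---
apiVersion: $api/v1
kind: Role            # namespaced: read/write inside "$ns" only
metadata: {name: "$ns-full-access", namespace: "$ns"}
rules:
- {apiGroups: ["", "apps", "batch"], resources: ["*"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]}
---
apiVersion: $api/v1
kind: RoleBinding
metadata: {name: "$ns-full-access", namespace: "$ns"}
roleRef: {apiGroup: $api, kind: Role, name: "$ns-full-access"}
subjects:
- {kind: ServiceAccount, name: "$sa", namespace: "$ns"}
---
apiVersion: $api/v1
kind: ClusterRole     # nodes are cluster-scoped, so read access needs a ClusterRole
metadata: {name: "$ns-node-reader"}
rules:
- {apiGroups: [""], resources: ["nodes"], verbs: ["get", "list", "watch"]}
---
apiVersion: $api/v1
kind: ClusterRoleBinding
metadata: {name: "$ns-node-reader"}
roleRef: {apiGroup: $api, kind: ClusterRole, name: "$ns-node-reader"}
subjects:
- {kind: ServiceAccount, name: "$sa", namespace: "$ns"}
EOF
}
# Usage: render_rbac_manifest dev | kubectl apply -f -
```

Once applied, `kubectl auth can-i list pods -n dev --as=system:serviceaccount:dev:dev-user` should answer yes, and the same check against another namespace should answer no.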
Verified working on
- Minikube
- KIND (Kubernetes IN Docker)
- Docker For Desktop (Docker for Mac)
- microk8s - with Microk8s 1.15+, when you run: microk8s.enable rbac
Won't work with:
- kubeadm-dind-cluster - Configured to use the insecure API endpoint by default, which bypasses authentication and authorization, so the RBAC rules are not enforced
Thanks to:
- The Kubernetes RBAC documentation
- Kubernetes and RBAC: Restrict User Access to One Namespace by Jeremie Vallee
- Debugging help from Guillaume Rose
Copyright 2019 Windmill Engineering
Licensed under the Apache License, Version 2.0