Create users and define RBAC in Kubernetes
When you deploy a Kubernetes cluster for your microservices, there will be use cases where you need to give other users (for example developers) access to the cluster so they can manage their own microservice.
When you create a self-hosted Kubernetes cluster it comes with an admin user called cluster-admin, but you cannot hand those credentials to developers because cluster-admin has full access to the Kubernetes cluster. Any small mistake can turn into a much bigger problem for the whole cluster.
To handle this situation, it is always recommended to create a separate user for each person and assign them a limited role based on what they actually need.
So in this tutorial, I will show you how to create a user and give it limited access to a single namespace.
My user prabhin belongs to the developer group and needs to manage all the resources in the data-collection namespace.
Let’s see how to do that.
Create a new user called prabhin
Generate the private key for prabhin
Generate the certificate signing request (CSR) for the new user prabhin
CN refers to the username and O refers to the group that prabhin belongs to; here admin is the group name
Generate the certificate for the prabhin user, signed by the Kubernetes CA
Create the .kube/config file for the new user prabhin
Create the Role in the data-collection namespace
Create the RoleBinding in the data-collection namespace
As you can see above, the role is bound based on the group name, so every user assigned to the dev group gets access to the data-collection namespace with the permissions of the role above.
If you need to bind based on the username instead, it will look like below.
Binding roles per username becomes very hard to manage, so it is always recommended to group the users; it is much easier to maintain.
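The whole procedure from the steps above, written out as an added example script (not the post's own commands). It assumes a self-hosted cluster whose CA key pair is available as ca.crt and ca.key (on a kubeadm control plane they live under /etc/kubernetes/pki), a kubectl already configured as cluster-admin, and an API server address passed in API_SERVER (the value in the script is a placeholder). The post names the group admin in the CSR step and dev in the binding step; the example uses dev throughout so the certificate's O field and the RoleBinding subject actually match. The manifest-producing functions run offline; the openssl and kubectl steps only run when APPLY=1 is set, and the script ends with two kubectl auth can-i checks that show the user is allowed inside data-collection and denied outside it.

```shell
#!/bin/sh
# Added example, not the original post's commands. Creates a client
# certificate for user "prabhin" in group "dev" and scopes that group to the
# data-collection namespace with a Role and RoleBinding.
# Assumptions (placeholders): CA key pair at ./ca.crt and ./ca.key, a
# cluster-admin kubectl context, and API_SERVER pointing at the API server.

USER_NAME="prabhin"
GROUP_NAME="dev"
NAMESPACE="data-collection"
CA_CRT="${CA_CRT:-ca.crt}"
CA_KEY="${CA_KEY:-ca.key}"
API_SERVER="${API_SERVER:-https://kube-api.example.internal:6443}"  # placeholder

# CSR subject: CN becomes the Kubernetes username, O becomes the group.
csr_subject() {
  printf '/CN=%s/O=%s' "$1" "$2"
}

# Namespace-scoped Role: full verbs on common workload resources only.
role_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ${GROUP_NAME}-role
  namespace: ${NAMESPACE}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps", "secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
EOF
}

# RoleBinding for a subject: $1 is "Group" (preferred) or "User", $2 its name.
rolebinding_manifest() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${GROUP_NAME}-rolebinding
  namespace: ${NAMESPACE}
subjects:
- kind: $1
  name: $2
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ${GROUP_NAME}-role
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Steps that need openssl and a live cluster.
apply_to_cluster() {
  openssl genrsa -out "${USER_NAME}.key" 2048
  openssl req -new -key "${USER_NAME}.key" -out "${USER_NAME}.csr" \
    -subj "$(csr_subject "$USER_NAME" "$GROUP_NAME")"
  openssl x509 -req -in "${USER_NAME}.csr" -CA "$CA_CRT" -CAkey "$CA_KEY" \
    -CAcreateserial -out "${USER_NAME}.crt" -days 365

  # A separate kubeconfig for the user; the admin kubeconfig is never shared.
  KC="${USER_NAME}.kubeconfig"
  KUBECONFIG="$KC" kubectl config set-cluster kubernetes \
    --server="$API_SERVER" --certificate-authority="$CA_CRT" --embed-certs=true
  KUBECONFIG="$KC" kubectl config set-credentials "$USER_NAME" \
    --client-certificate="${USER_NAME}.crt" --client-key="${USER_NAME}.key" --embed-certs=true
  KUBECONFIG="$KC" kubectl config set-context "$USER_NAME" \
    --cluster=kubernetes --namespace="$NAMESPACE" --user="$USER_NAME"
  KUBECONFIG="$KC" kubectl config use-context "$USER_NAME"

  kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
  role_manifest | kubectl apply -f -
  rolebinding_manifest Group "$GROUP_NAME" | kubectl apply -f -

  # Expect "yes" for the bound namespace and "no" elsewhere.
  kubectl auth can-i list pods -n "$NAMESPACE" --as "$USER_NAME" --as-group "$GROUP_NAME"
  kubectl auth can-i list pods -n kube-system --as "$USER_NAME" --as-group "$GROUP_NAME"
}

if [ "${APPLY:-0}" = "1" ]; then
  apply_to_cluster
fi
```

Run it as APPLY=1 API_SERVER=https://your-api-server:6443 sh rbac-user.sh with ca.crt and ca.key in the working directory; without APPLY=1 you can still call role_manifest or rolebinding_manifest User prabhin to print the YAML for review. Binding to the group means adding a second developer only requires issuing a certificate with O=dev, while a per-user binding would need a new RoleBinding subject every time.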