- What is a context? Interview question
- Pattern: A RoleBinding links a user or service account to a role
- A RoleBinding grants permissions within a specific namespace whereas a ClusterRoleBinding grants that access cluster-wide.
- kubectl api-resources
- kubectl api-versions
- kubectl create ns development
- kubectl create ns production
- openssl genrsa -out DevDan.key 2048
- openssl req -new -key DevDan.key -out DevDan.csr -subj "/CN=DevDan/O=development"
- sudo openssl x509 -req -in DevDan.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out DevDan.crt -days 45
- kubectl config set-credentials DevDan --client-certificate=/home/ubuntu/DevDan.crt --client-key=/home/ubuntu/DevDan.key
- kubectl config set-context DevDan-context --cluster=kubernetes --namespace=development --user=DevDan
- less ~/.kube/config
- kubectl --context=DevDan-context get pods
- kubectl config get-contexts
- role-dev.yaml # mind the indentation!
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      namespace: development
      name: developer
    rules:
    - apiGroups: ["", "extensions", "apps"]
      resources: ["deployments", "replicasets", "pods"]
      verbs: ["list", "get", "watch", "create", "update", "patch", "delete"]
- rolebind.yaml
    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: developer-role-binding
      namespace: development
    subjects:
    - kind: User
      name: DevDan
      apiGroup: ""
    roleRef:
      kind: Role
      name: developer
      apiGroup: ""
- kubectl config use-context DevDan-context
- kubectl get pod
- create and delete a pod
Exercise
- Make a new context such that Dan can view pods in production but not create them
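One possible solution to the exercise, added here as an example and not part of the original paste: a read-only Role and RoleBinding for DevDan in production, plus a second context for the same user. The names pod-viewer, pod-viewer-binding and DevDan-prod-context, and the admin context passed as the first argument, are assumptions.

```shell
# Added example (not from the original paste). pod-viewer, pod-viewer-binding
# and DevDan-prod-context are assumed names.

# Print a Role that allows only read verbs on pods in production, and a
# RoleBinding that grants it to the user DevDan (the CN of Dan's certificate).
prod_viewer_manifest() {
cat <<'EOF'
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: production
  name: pod-viewer
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: pod-viewer-binding
  namespace: production
subjects:
- kind: User
  name: DevDan
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-viewer
  apiGroup: rbac.authorization.k8s.io
EOF
}

# $1 = a kubeconfig context with admin rights (assumption: Dan's own context
# cannot create RBAC objects, so the manifest is applied with this one).
setup_prod_viewer() {
  prod_viewer_manifest | kubectl --context="$1" apply -f - || return 1
  kubectl config set-context DevDan-prod-context \
    --cluster=kubernetes --namespace=production --user=DevDan
}

# Succeeds only if Dan can list pods in production but cannot create them.
# --quiet suppresses output; the exit status carries the answer.
verify_prod_viewer() {
  kubectl --context=DevDan-prod-context auth can-i list pods --quiet &&
  ! kubectl --context=DevDan-prod-context auth can-i create pods --quiet
}
```

Source the file, run `setup_prod_viewer <admin-context>` once, then `verify_prod_viewer`; because RBAC is allow-only, leaving "create" out of the verbs is what denies it.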