Example: Custom Kubernetes RBAC for Developers

This article gives an example of how to create a custom Kubernetes RBAC configuration for developers. The example creates developer access for kubectl port-forward only.

  • RBAC.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developer-clusterrole
rules:
- apiGroups: [""]
  resources: ["pods", "pods/portforward", "services"]
  verbs: ["get", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: developer-clusterrolebinding
subjects:
- kind: ServiceAccount
  name: developer-sa
  namespace: default
roleRef:
  kind: ClusterRole
  name: developer-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: developer-sa
  namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  name: developer-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: developer-sa
type: kubernetes.io/service-account-token
  • Example KUBECONFIG
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: <CA Base64>
    server: https://10.9.2.1:6443
  name: your-cluster
contexts:
- context:
    cluster: your-cluster
    namespace: default
    user: developer-sa
  name: your-context
current-context: your-context
users:
- name: developer-sa
  user:
    token: <SA Token>

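Note:
– Get your SA token from the developer-token secret. When read with kubectl get secret -o yaml, the token field is base64-encoded, so decode it before placing it in the KUBECONFIG.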
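
A narrower variant of RBAC.yaml, as an added example that is not part of the original article: the ClusterRole above also allows creating pods and services, and its ClusterRoleBinding applies in every namespace, so this version replaces both with a namespaced Role and RoleBinding and limits create to the portforward subresource. The name developer-portforward is hypothetical; developer-sa and the default namespace are taken from the article.

```yaml
# Added example: least-privilege replacement for developer-clusterrole
# and developer-clusterrolebinding. Scope is one namespace, not the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-portforward      # hypothetical name
  namespace: default
rules:
# Read-only: kubectl looks up the target pod, or resolves a service to a pod.
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list"]
# Opening the tunnel. "create" covers the POST-based upgrade; "get" is kept
# from the original rule on the assumption that clients which upgrade with
# an HTTP GET (WebSocket) are authorized under the get verb.
- apiGroups: [""]
  resources: ["pods/portforward"]
  verbs: ["get", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer-portforward      # hypothetical name
  namespace: default
subjects:
- kind: ServiceAccount
  name: developer-sa
  namespace: default
roleRef:
  kind: Role
  name: developer-portforward
  apiGroup: rbac.authorization.k8s.io
```

With only this binding in place, `kubectl auth can-i create pods --as=system:serviceaccount:default:developer-sa -n default` should answer no, and the same command with `--subresource=portforward` added should answer yes.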
