This article will give you an example of how to create custom RBAC Kubernetes for developers. This example is for creating developer access only for Kube port forward.
- RBAC.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: developer-clusterrole
rules:
- apiGroups: [""]
resources: ["pods", "pods/portforward", "services"]
verbs: ["get", "list", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: developer-clusterrolebinding
subjects:
- kind: ServiceAccount
name: developer-sa
namespace: default
roleRef:
kind: ClusterRole
name: developer-clusterrole
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: developer-sa
namespace: default
---
apiVersion: v1
kind: Secret
metadata:
name: developer-token
namespace: default
annotations:
kubernetes.io/service-account.name: developer-sa
type: kubernetes.io/service-account-token
- Example KUBECONFIG
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: <CA Base64>
server: https://10.9.2.1:6443
name: your-cluster
contexts:
- context:
cluster: your-cluster
namespace: default
user: developer-sa
name: your-context
current-context: your-context
users:
- name: developer-sa
user:
token: <SA Token>
Note:
– Get your SA Token inside developer-token secret.
Admin LUKMANLAB, DevOps Engineer, Site Reliability Engineer, System Administrator.