This article gives an example of creating a custom Kubernetes RBAC configuration for developers. The example grants developer access for kubectl port-forward only.
- RBAC.yaml
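```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developer-clusterrole
rules:
  # Read access used to look up the pod or service to forward to
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list"]
  # "create" is granted on the portforward subresource only; granting it on
  # pods or services would also let the account create workloads
  - apiGroups: [""]
    resources: ["pods/portforward"]
    verbs: ["create"]
---
# A ClusterRoleBinding applies the role in every namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: developer-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: developer-sa
    namespace: default
roleRef:
  kind: ClusterRole
  name: developer-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: developer-sa
  namespace: default
---
# Token Secret for developer-sa; the control plane fills in the token and CA
apiVersion: v1
kind: Secret
metadata:
  name: developer-token
  namespace: default
  annotations:
    kubernetes.io/service-account.name: developer-sa
type: kubernetes.io/service-account-token
```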
- Example KUBECONFIG
```yaml
apiVersion: v1
kind: Config
clusters:
  - cluster:
      certificate-authority-data: <CA Base64>
      server: https://10.9.2.1:6443
    name: your-cluster
contexts:
  - context:
      cluster: your-cluster
      namespace: default
      user: developer-sa
    name: your-context
current-context: your-context
users:
  - name: developer-sa
    user:
      token: <SA Token>
```
Note:
– Get your SA token from the developer-token secret.
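The note above, as an added example (not the article's own code): shell functions that read the token and CA from the developer-token Secret, print the kubeconfig shown above, and use `kubectl auth can-i` with impersonation to confirm what developer-sa is allowed to do. It assumes kubectl is already authenticated as a cluster admin; the function names and the list of expected answers are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the article's code. Run with admin credentials after
# applying RBAC.yaml. Names below are the ones used in the manifests.
NS=default
SA=developer-sa
SECRET=developer-token

# Print a kubeconfig for the ServiceAccount. $1 = API server URL.
make_dev_kubeconfig() (
  # .data.token is stored base64-encoded; the kubeconfig needs it decoded.
  token=$(kubectl -n "$NS" get secret "$SECRET" -o jsonpath='{.data.token}' | base64 -d) || exit 1
  # .data["ca.crt"] is already base64, as certificate-authority-data expects.
  ca=$(kubectl -n "$NS" get secret "$SECRET" -o jsonpath='{.data.ca\.crt}') || exit 1
  [ -n "$token" ] && [ -n "$ca" ] || { echo "token or CA missing in $SECRET" >&2; exit 1; }
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: $ca
    server: $1
  name: your-cluster
contexts:
- context:
    cluster: your-cluster
    namespace: $NS
    user: $SA
  name: your-context
current-context: your-context
users:
- name: $SA
  user:
    token: $token
EOF
)

# Ask the API server, via impersonation, what the ServiceAccount may do.
# Each heredoc line: expected answer, then arguments for `kubectl auth can-i`.
check_dev_access() (
  rc=0
  while read -r want args; do
    # can-i exits non-zero on "no", so ignore the status and compare the text.
    got=$(kubectl auth can-i $args --as="system:serviceaccount:$NS:$SA" -n "$NS" </dev/null 2>/dev/null) || true
    [ "$got" = "$want" ] || { echo "UNEXPECTED: $args -> ${got:-error}, want $want" >&2; rc=1; }
  done <<EOF
yes get pods
yes create pods --subresource=portforward
no delete pods
no get secrets
EOF
  exit "$rc"
)
```

Redirect the output of `make_dev_kubeconfig https://10.9.2.1:6443` to a file readable only by its owner: a token from a `kubernetes.io/service-account-token` Secret does not expire until the Secret or ServiceAccount is deleted.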
Admin LUKMANLAB, DevOps Engineer, Site Reliability Engineer, System Administrator.