Friday, March 30, 2018

Kubernetes Credential


[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=etcd.service

[Service]
User=root
ExecStart=/opt/bin/kube-apiserver \
 --insecure-bind-address=0.0.0.0 \
 --insecure-port=8080 \
 --etcd-servers=http://192.168.51.131:2379 \
 --logtostderr=false \
 --allow-privileged=true \
 --service-cluster-ip-range=172.18.0.0/16 \
 --admission-control=NamespaceLifecycle,ServiceAccount,LimitRanger,SecurityContextDeny,ResourceQuota \
 --service-node-port-range=30000-32767 \
 --advertise-address=192.168.51.131 \
 --v=6 \
 --storage-backend="etcd2" \
 --log-dir="/var/log/kubernetes" \
 --client-ca-file=/srv/kubernetes/ca.crt \
 --tls-private-key-file=/srv/kubernetes/server.key \
 --tls-cert-file=/srv/kubernetes/server.cert \
 --service_account_key_file=/srv/kubernetes/server.key \
 --runtime-config=batch/v2alpha1=true \
 --apiserver-count=2 \
 --authorization-mode=Node,RBAC \
 --secure-port=6443 \
 --token-auth-file=/etc/kubernetes/pki/tokens.csv \
 --basic-auth-file=/etc/kubernetes/basic_auth

Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

The four lines added to the unit above are:

 --authorization-mode=Node,RBAC \
 --secure-port=6443 \
 --token-auth-file=/etc/kubernetes/pki/tokens.csv \
 --basic-auth-file=/etc/kubernetes/basic_auth

where /etc/kubernetes/pki/tokens.csv (one entry per line: token,user,uid,"group1,group2") contains

792c62a1b5f2b07b,admin,ab47c6cb-f403-11e6-95a3-0800279704c8,system:kubelet-bootstrap

and /etc/kubernetes/basic_auth (one entry per line: password,user,uid) contains

1234,admin,1
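As an added example (not code from the original post), a small Python model of how kube-apiserver consumes these two files: it parses the token and basic-auth CSVs into user identities, authenticates a presented credential, and audits the entries a reviewer would reject. The sample file contents are constructed to match the two entries shown above; the function names and the audit threshold are my own assumptions.

```python
import csv
import io
from dataclasses import dataclass, field

# Constructed samples mirroring the post's two files.
# --token-auth-file format:  token,user,uid[,"group1,group2"]
# --basic-auth-file format:  password,user,uid[,"group1,group2"]
TOKENS_CSV = '792c62a1b5f2b07b,admin,ab47c6cb-f403-11e6-95a3-0800279704c8,system:kubelet-bootstrap\n'
BASIC_AUTH = '1234,admin,1\n'


@dataclass
class UserInfo:
    name: str
    uid: str
    groups: list = field(default_factory=list)


def parse_auth_file(text):
    """Map the first CSV column (token or password) to the identity it grants."""
    table = {}
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):
            continue                      # skip blank and comment lines
        if len(row) < 3:
            raise ValueError(f"malformed line, need secret,user,uid: {row}")
        secret, name, uid = (c.strip() for c in row[:3])
        # Optional fourth column: a quoted, comma-separated group list.
        groups = [g.strip() for g in row[3].split(",") if g.strip()] if len(row) > 3 else []
        if secret in table:
            raise ValueError(f"duplicate secret for user {name!r}")
        table[secret] = UserInfo(name, uid, groups)
    return table


def authenticate_token(table, presented):
    """Bearer token lookup: the token alone selects the identity."""
    return table.get(presented)


def authenticate_basic(table, username, password):
    """Basic auth must match both the password row and the user name."""
    info = table.get(password)
    return info if info is not None and info.name == username else None


def audit_static_credentials(table, min_secret_len=32):
    """Flag weak secrets and entries that would bypass RBAC entirely."""
    findings = []
    for secret, info in table.items():
        if len(secret) < min_secret_len:
            findings.append(f"{info.name}: secret is only {len(secret)} chars")
        if "system:masters" in info.groups:
            findings.append(f"{info.name}: system:masters membership bypasses RBAC")
    return findings
```

The basic-auth file authenticator was deprecated in Kubernetes 1.16 and removed in 1.19; the static token file still exists but is best limited to bootstrap use.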

Binding the role and namespace

kubectl create rolebinding bob-admin-binding --clusterrole=admin --user=admin --namespace=ebot

Once the admin user is bound only in the ebot namespace, it cannot be used in the default namespace, as shown below:

root@kubecontext:~# kubectl --token=792c62a1b5f2b07b --server=https://192.168.51.131:6443   get po --namespace=default
Error from server (Forbidden): pods is forbidden: User "admin" cannot list pods in the namespace "default"

It can be used in the ebot namespace; with the token, run:

kubectl --token=792c62a1b5f2b07b --server=https://192.168.51.131:6443  get po --namespace=ebot

Or use the username and password:

kubectl --username=admin --password=1234 --server=https://192.168.51.131:6443 get pod  --namespace=ebot

Remove the --namespace setting and you can then access all namespaces.

kubectl create rolebinding bob-admin-binding --clusterrole=admin --user=admin 

Set Up Kube Config

kubectl config set-cluster seccluster --server=https://192.168.51.131:6443 --insecure-skip-tls-verify=true
kubectl config set-credentials dev-user1 --username=admin --password=1234

or just use the token:

kubectl config set-credentials dev-user1 --token=792c62a1b5f2b07b
kubectl config set-context secctx2 --cluster=seccluster --user=dev-user1 --namespace=kube-system
kubectl config use-context  secctx2

You will then see:

root@kuberm:~# kubectl get po
NAME                       READY     STATUS    RESTARTS   AGE
kube-dns-846480609-v3sn1   3/3       Running   18         54d

However, you first need to grant the admin role to the user in the kube-system namespace:

kubectl create rolebinding bob-admin-binding --clusterrole=admin --user=admin --namespace=kube-system
