How to create user in Kubernetes cluster and give it access?

I am looking for process to create a user and assign him certain permissions. Please let me know how to do it ?

You can create users in two ways. By creating human user or service account. For human user you need to create certificate and for service account you just need to run once command.

Please find the docs below for creating users and giving permissions:


https://jeremievallee.com/2018/05/28/kubernetes-rbac-namespace-user.html


Kubernetes itself doesn’t really have users. Those are generally done by an external provider via OIDC. It DOES have ServiceAccounts that you can sort of use like users, but they’re meant for applications within the cluster to authenticate to the API server.

After going through all the above mentioned block, I found below solution

  1. Create user CSR

openssl genrsa -out user1.key 2048
openssl req -new -key user1.key -out user1.csr

  1. Approve CSR

openssl x509 -req -in user1.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out user1.crt -days 500

  1. Create Role or ClusterRole

cat role.yml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-namespace
name: user1-role
rules:
- apiGroups: ["", “extensions”, “apps”]
resources: [“deployments”, “pods”, “services”]
verbs: [“get”, “list”, “watch”, “create”, “update”, “patch”, “delete”]

  1. Create RoleBindings

cat binding.yml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: user1-rolebinding
namespace: test-namespace
subjects:

  • kind: User
    name: user1
    apiGroup: “”
    roleRef:
    kind: Role
    name: user1-role
    apiGroup: “”
  1. Use it

kubectl config set-credentials user1 --client-certificate=/root/user1.crt --client-key=user1.key

kubectl config set-context user1-context --cluster=kubernetes --namespace=test-namespace --user=user1