I am looking for the process to create a user and assign him certain permissions. Please let me know how to do it.
You can create users in two ways: by creating a human user or a service account. For a human user you need to create a certificate, and for a service account you just need to run one command.
Please find the docs below for creating users and giving permissions:
Kubernetes itself doesn’t really have users. Those are generally done by an external provider via OIDC. It DOES have ServiceAccounts that you can sort of use like users, but they’re meant for applications within the cluster to authenticate to the API server.
After going through all the above-mentioned blocks, I found the solution below:
- Create user CSR
    openssl genrsa -out user1.key 2048
    openssl req -new -key user1.key -out user1.csr
- Approve CSR
    openssl x509 -req -in user1.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out user1.crt -days 500
- Create Role or ClusterRole
    - apiGroups: ["", "extensions", "apps"]
      resources: ["deployments", "pods", "services"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- Create RoleBindings
    - kind: User
- Use it
    kubectl config set-credentials user1 --client-certificate=/root/user1.crt --client-key=user1.key
    kubectl config set-context user1-context --cluster=kubernetes --namespace=test-namespace --user=user1
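The certificate steps from the post above, as an added example that is not part of the original thread: it sets the certificate subject explicitly, because the API server takes the username from CN and the groups from O, and the RoleBinding's `User` subject has to match that CN. The throwaway CA, the group `dev-team`, the Role name `app-editor` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the throwaway CA, group "dev-team" and Role "app-editor" are
# constructed; user1 and test-namespace come from the post above.
set -eu

# Stand-in for /etc/kubernetes/pki/ca.{crt,key} so this runs offline.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-test-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" -days 1 2>/dev/null
}

# issue_user_cert <dir> <user> <group> <days>: CN becomes the username, O a group.
issue_user_cert() {
  dir=$1; user=$2; group=$3; days=$4
  # The system: prefix is reserved; system:masters is not subject to RBAC.
  case "$group" in system:*) echo "refusing reserved group: $group" >&2; return 1 ;; esac
  (umask 077; openssl genrsa -out "$dir/$user.key" 2048 2>/dev/null)
  openssl req -new -key "$dir/$user.key" -subj "/CN=$user/O=$group" -out "$dir/$user.csr"
  openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/$user.crt" -days "$days" 2>/dev/null
}

# Username the API server would derive from a certificate file.
cert_username() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= //p'
}

# rolebinding_for_cert <crt> <namespace> <role>: User subject is exactly the CN.
rolebinding_for_cert() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $3-$(cert_username "$1")
  namespace: $2
subjects:
- kind: User
  name: $(cert_username "$1")
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: $3
  apiGroup: rbac.authorization.k8s.io
EOF
}
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d); make_test_ca "$d"; issue_user_cert "$d" user1 dev-team 30
  rolebinding_for_cert "$d/user1.crt" test-namespace app-editor
fi
```

Kubernetes does not check revocation for client certificates, so the `-days` value is the effective lifetime of the credential.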