...
Code Block | ||
---|---|---|
| ||
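# TODO: create a script out of this
#
# Creates the namespace "mobrien", a service account in it, the bindings that
# account needs, and extracts the account's token for use in a kubeconfig.
# Indented comment lines directly under a command are the output recorded when
# the commands were first run.
#
# privilegedpsp, persistent-volume-role and helm-pod-list are ClusterRoles
# defined on this cluster; their rules are not shown here, so review them
# before granting them to a new account.

# create a namespace
# https://kubernetes.io/docs/tasks/administer-cluster/namespaces-walkthrough/#create-new-namespaces
# (the original edited this file by hand with vi; the content is JSON, which
# kubectl accepts regardless of the .yaml file name)
cat > mobrien_namespace.yaml <<'EOF'
{
  "kind": "Namespace",
  "apiVersion": "v1",
  "metadata": {
    "name": "mobrien",
    "labels": {
      "name": "mobrien"
    }
  }
}
EOF
kubectl create -f mobrien_namespace.yaml
# or, without the manifest file (use one or the other, not both):
#   kubectl --kubeconfig ~/.kube/admin create ns mobrien
#   namespace "mobrien" created

# service account
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create sa mobrien
#   serviceaccount "mobrien" created

# rolebinding mobrien
# NOTE(review): the original listing had --serviceaccount=netprogmobrien:mobrien
# here. No namespace of that name is created above, and kubectl does not check
# that a binding's subject exists, so the command reports "created" while
# granting nothing to mobrien:mobrien. Treated as a leftover from another
# namespace name and aligned with the other bindings; confirm.
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create rolebinding \
  mobrien-mobrien-privilegedpsp \
  --clusterrole=privilegedpsp --serviceaccount=mobrien:mobrien
#   rolebinding "mobrien-mobrien-privilegedpsp" created

# rolebinding default
# The "default" service account is what every pod in the namespace runs as
# unless it names another one, so this binding applies to all such pods.
# PodSecurityPolicy was removed in Kubernetes 1.25; this step only applies to
# clusters that still serve it.
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create rolebinding \
  mobrien-default-privilegedpsp \
  --clusterrole=privilegedpsp --serviceaccount=mobrien:default
#   rolebinding "mobrien-default-privilegedpsp" created

# rolebinding admin
# A RoleBinding to the "admin" ClusterRole grants it inside namespace mobrien
# only.
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create rolebinding \
  mobrien-mobrien-admin \
  --clusterrole=admin --serviceaccount=mobrien:mobrien
#   rolebinding "mobrien-mobrien-admin" created

# The four bindings below are ClusterRoleBindings, not RoleBindings: they are
# cluster-scoped, --namespace has no effect on where they apply, and they are
# not removed when the namespace is deleted. Delete them explicitly when the
# account is retired.

# clusterrolebinding persistent-volume-role
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create clusterrolebinding \
  mobrien-mobrien-persistent-volume-role \
  --clusterrole=persistent-volume-role --serviceaccount=mobrien:mobrien
#   clusterrolebinding "mobrien-mobrien-persistent-volume-role" created

# clusterrolebinding default-persistent-volume-role
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create clusterrolebinding \
  mobrien-default-persistent-volume-role \
  --clusterrole=persistent-volume-role --serviceaccount=mobrien:default
#   clusterrolebinding "mobrien-default-persistent-volume-role" created

# clusterrolebinding helm-pod-list
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create clusterrolebinding \
  mobrien-mobrien-helm-pod-list \
  --clusterrole=helm-pod-list --serviceaccount=mobrien:mobrien
#   clusterrolebinding "mobrien-mobrien-helm-pod-list" created

# clusterrolebinding default-helm-pod-list
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien create clusterrolebinding \
  mobrien-default-helm-pod-list \
  --clusterrole=helm-pod-list --serviceaccount=mobrien:default
#   clusterrolebinding "mobrien-default-helm-pod-list" created

# get the serviceAccount and extract the token to place into a config yaml
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien get sa
#   NAME      SECRETS   AGE
#   default   1         20m
#   mobrien   1         18m
kubectl --kubeconfig ~/.kube/admin --namespace=mobrien describe serviceaccount mobrien
#   Name:                mobrien
#   Namespace:           mobrien
#   Labels:              <none>
#   Annotations:         <none>
#   Image pull secrets:  <none>
#   Mountable secrets:   mobrien-token-v9z5j
#   Tokens:              mobrien-token-v9z5j

# Two steps instead of one nested substitution, so an empty secret name is
# caught instead of silently producing an empty token.
# This relies on the cluster auto-creating a token secret for the service
# account, as the output above shows. Kubernetes 1.24 and later no longer do
# that; there, "kubectl create token mobrien --namespace=mobrien" issues a
# time-bound token instead.
SECRET_NAME=$(kubectl --kubeconfig ~/.kube/admin --namespace=mobrien \
  describe serviceaccount mobrien | awk '/^Tokens:/ {print $2}')
: "${SECRET_NAME:?no token secret listed for serviceaccount mobrien}"
TOKEN=$(kubectl --kubeconfig ~/.kube/admin --namespace=mobrien \
  describe secrets "$SECRET_NAME" | awk '$1 == "token:" {print $2}')

# The token is a non-expiring bearer credential for an account holding
# namespace admin plus the cluster-wide bindings above. Printing it leaves it
# in terminal scrollback and in any session log; do not paste it into tickets
# or chat.
printf '%s\n' "$TOKEN"
#   eyJO....b3VudC

# put this in your ~/.kube/config and edit the namespace
# (keep that file readable by its owner only, e.g. chmod 600 ~/.kube/config)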
see also https://stackoverflow.com/questions/44948483/create-user-in-kubernetes-for-kubectl
Helm on Rancher unauthorized
...