Skip to content
This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Latest commit

 

History

History
72 lines (67 loc) · 2.71 KB

3.Create-user-space.md

File metadata and controls

72 lines (67 loc) · 2.71 KB
Raw

3. Create an user space

In this step we are going to prepare a user space composed by a kubernetes namespace, some role bindings that allow to deploy containers and finally a configuration file containing the connection data to this user space in the cluster.

  • Create the namespace: kubectl create namespace sample-psp
  • Create role and rolebinding to allow default service account at sample-psp namespace to deploy applications in: kubectl apply -f rbac/default-sa-at-example-psp-namespace.yaml
  • Create the kubeconfig file to the serviceaccount default in the sample-psp namespace: helper/create_sa_kubeconfig.sh default sample-psp.

Now you should have the following outputs:

$ ls -a .kube-*
.kube-default-kube-system-conf  .kube-default-sample-psp-conf  .kube-insecure
$ kubectl get role.rbac.authorization.k8s.io/developer -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"name":"developer","namespace":"default"},"rules":[{"apiGroups":["extensions","apps"],"resources":["deployments","replicasets","ingresses"],"verbs":["*"]},{"apiGroups":[""],"resources":["pods","services"],"verbs":["*"]},{"apiGroups":[""],"resources":["events"],"verbs":["GET","LIST"]}]}
  creationTimestamp: "2019-01-23T16:58:29Z"
  name: developer
  namespace: default
  resourceVersion: "26183"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/roles/developer
  uid: 1bed50f0-1f30-11e9-af0b-9cb6d0e7e121
rules:
- apiGroups:
  - extensions
  - apps
  resources:
  - deployments
  - replicasets
  - ingresses
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  - services
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - GET
  - LIST
$ kubectl get rolebinding.rbac.authorization.k8s.io/developer-at-sample-psp -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"name":"developer-at-sample-psp","namespace":"default"},"roleRef":{"apiGroup":"","kind":"Role","name":"developer"},"subjects":[{"kind":"ServiceAccount","name":"default"}]}
  creationTimestamp: "2019-01-23T16:58:29Z"
  name: developer-at-sample-psp
  namespace: default
  resourceVersion: "26184"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/developer-at-sample-psp
  uid: 1beeeec3-1f30-11e9-af0b-9cb6d0e7e121
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: developer
subjects:
- kind: ServiceAccount
  name: default