Just a collection of tools that I use for managing RBAC on Kubernetes. This will no doubt be an ongoing and evolving project.
Because submodules are heavily used here, make sure to clone this repo by:
git clone https://github.com/mrlesmithjr/k8s-rbac-management-tools.git --recursiveThe following requirements are needed:
In the utils directory you will find a collection of useful Git submodules. You will most definitely want to keep them up to date.
Updating submodules:
git submodule update --remote --init --recursivesh scripts/create_kube_users.sh -h
Usage:
create_kube_users.sh -a ACTION -d CONFIG_DIR -k KUBECONFIG -o ORG -t PRIVATE_KEY_TEMPLATE -u USERNAME
-a Action (apply|delete)
-d Directory to store configs
-h Display help
-k Path to KUBECONFIG
-o Org name for SSL cert
-t Path to PRIVATE_KEY_TEMPLATE
-u USERNAME to createsh create_kube_users.sh -a apply -d ../KUBE_CONFIGS -k /Users/larrysmithjr/.kube/config -o TEST -t private_key_template.json -u "$(whoami)"File structure is based on $USERNAME which is derived from -u and $KUBE_CLUSTER_NAME.
The $KUBE_CLUSTER_NAME represents docker-desktop in the example below. So,
if you had multiple clusters defined in your KUBECONFIG derived from -k. You
would have multiple files based on each cluster. Whereas the users generated
KUBECONFIG is simply config.
tree KUBE_CONFIGS
KUBE_CONFIGS
└── larrysmithjr
├── config
├── docker-desktop-ca.pem
├── larrysmithjr-docker-desktop-key.pem
├── larrysmithjr-docker-desktop-rbac-access.yaml
├── larrysmithjr-docker-desktop.csr
└── larrysmithjr-docker-desktop.pemI am heavily leveraging rbac-manager to handle all bindings, etc.
You can apply the rbac-manager manifest using one of the following:
kubectl apply -f https://raw.githubusercontent.com/FairwindsOps/rbac-manager/master/deploy/all.yaml kubectl apply -f utils/rbac-manager/deploy/all.yamlMIT
Larry Smith Jr.