Just a collection of tools that I use for managing RBAC on Kubernetes. This will no doubt be an ongoing and evolving project.
Because submodules are heavily used here, make sure to clone this repo recursively:
git clone https://github.com/mrlesmithjr/k8s-rbac-management-tools.git --recursive
The following requirements are needed:
In the utils directory you will find a collection of useful Git submodules. You will most definitely want to keep them up to date.
Updating submodules:
git submodule update --remote --init --recursive
sh scripts/create_kube_users.sh -h
Usage:
create_kube_users.sh -a ACTION -d CONFIG_DIR -k KUBECONFIG -o ORG -t PRIVATE_KEY_TEMPLATE -u USERNAME
-a Action (apply|delete)
-d Directory to store configs
-h Display help
-k Path to KUBECONFIG
-o Org name for SSL cert
-t Path to PRIVATE_KEY_TEMPLATE
-u USERNAME to create
sh create_kube_users.sh -a apply -d ../KUBE_CONFIGS -k /Users/larrysmithjr/.kube/config -o TEST -t private_key_template.json -u "$(whoami)"
File structure is based on $USERNAME, which is derived from -u, and $KUBE_CLUSTER_NAME. The $KUBE_CLUSTER_NAME represents docker-desktop in the example below. So, if you had multiple clusters defined in your KUBECONFIG (derived from -k), you would have multiple files based on each cluster. The user's generated KUBECONFIG, by contrast, is simply config.
tree KUBE_CONFIGS
KUBE_CONFIGS
└── larrysmithjr
    ├── config
    ├── docker-desktop-ca.pem
    ├── larrysmithjr-docker-desktop-key.pem
    ├── larrysmithjr-docker-desktop-rbac-access.yaml
    ├── larrysmithjr-docker-desktop.csr
    └── larrysmithjr-docker-desktop.pem
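An added example, not part of this repo's scripts: a POSIX sh check that a user's directory contains the files shown in the tree above for each cluster, and that the private key and generated config are not accessible to group or other. The function names are hypothetical, and treating config as a secret is an assumption.

```shell
#!/bin/sh
# Added example: audit one user's directory produced by create_kube_users.sh.
# Layout assumed from the tree listing: <dir>/<user>/config, <cluster>-ca.pem,
# <user>-<cluster>-key.pem, .csr, .pem and -rbac-access.yaml per cluster.

# check_secret FILE: file must exist and carry no group/other permission bits.
check_secret() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"; problems=$((problems + 1)); return
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERMS $1 is accessible to group/other ($mode)"
        problems=$((problems + 1))
    fi
}

# audit_kube_user_dir CONFIG_DIR USERNAME CLUSTER...
# Returns 0 only when every expected file exists and secrets are private.
audit_kube_user_dir() {
    config_dir=$1; user=$2; shift 2   # remaining arguments are cluster names
    base="$config_dir/$user"
    problems=0

    [ -d "$base" ] || { echo "MISSING dir $base"; return 1; }

    # Assumption: the generated kubeconfig carries or points at the client key.
    check_secret "$base/config"

    for cluster in "$@"; do
        for f in "$cluster-ca.pem" "$user-$cluster.csr" "$user-$cluster.pem" \
                 "$user-$cluster-rbac-access.yaml"; do
            [ -f "$base/$f" ] || { echo "MISSING $base/$f"; problems=$((problems + 1)); }
        done
        check_secret "$base/$user-$cluster-key.pem"
    done
    [ "$problems" -eq 0 ]
}

# Run as a script: sh audit.sh KUBE_CONFIGS larrysmithjr docker-desktop
if [ "$#" -ge 3 ]; then
    audit_kube_user_dir "$@"
fi
```

A non-zero exit status means at least one MISSING or PERMS line was printed.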
I am heavily leveraging rbac-manager to handle all bindings, etc.
You can apply the rbac-manager manifest using one of the following:
kubectl apply -f https://raw.githubusercontent.com/FairwindsOps/rbac-manager/master/deploy/all.yaml
kubectl apply -f utils/rbac-manager/deploy/all.yaml
MIT
Larry Smith Jr.