Kubernetes Certification Training Course : Lecture 7

What are Roles and Cluster Roles in Kubernetes? Roles in Kubernetes are confined to a namespace; Cluster Roles are not. The kubectl api-resources command shows all resources in Kubernetes. kubectl api-resources --namespaced=true shows only namespaced resources, which are managed by using Roles and role bindings; kubectl api-resources --namespaced=false shows cluster-level resources, which are managed by using Cluster Roles and cluster role bindings.

When creating a Role, two things must be specified:

  • verbs
  • resources

The sequence of commands for authorization (executing paragraph 3) on a Unix operating system is:

  1. kubectl create role prodadmin --verb=get,list,watch,create --resource=pods,services --namespace default (the role name can be different, prodadmin is not mandatory; the --verb list can vary, depending on what permissions have to be given; the --resource list is arbitrary too, but it has to contain namespaced resources; --namespace can be another namespace, not only default)
  2. kubectl create rolebinding prodadminbinding --user=prod-user --role=prodadmin --namespace default (assigning the role to a user)
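
What the two commands above grant and, just as important, what they do not: the following is an added example, not part of the lecture and not Kubernetes code. It is a simplified model of the RBAC decision over the Role and RoleBinding objects those commands create; the function name can_i and the user dev-user are made up for the illustration.

```python
# Simplified model of a Kubernetes RBAC decision for Roles and RoleBindings.
# Not Kubernetes code: ClusterRoles, groups, resourceNames, subresources are omitted.

# Objects the two kubectl commands above would create (namespace "default").
ROLES = [{
    "kind": "Role",
    "metadata": {"name": "prodadmin", "namespace": "default"},
    "rules": [{"apiGroups": [""],  # "" is the core API group (pods, services)
               "resources": ["pods", "services"],
               "verbs": ["get", "list", "watch", "create"]}],
}]
BINDINGS = [{
    "kind": "RoleBinding",
    "metadata": {"name": "prodadminbinding", "namespace": "default"},
    "subjects": [{"kind": "User", "name": "prod-user"}],
    "roleRef": {"kind": "Role", "name": "prodadmin"},
}]


def _matches(allowed, value):
    """A rule field matches on an exact entry or the "*" wildcard."""
    return "*" in allowed or value in allowed


def can_i(user, verb, resource, namespace, api_group="", roles=ROLES, bindings=BINDINGS):
    """Return True if some RoleBinding in `namespace` grants the request."""
    if namespace is None:
        return False  # cluster-scoped request: a Role can never grant it
    for b in bindings:
        if b["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only applies inside its own namespace
        if not any(s["kind"] == "User" and s["name"] == user for s in b["subjects"]):
            continue
        for r in roles:
            same_role = (r["metadata"]["name"] == b["roleRef"]["name"]
                         and r["metadata"]["namespace"] == namespace)
            if same_role and any(_matches(rule["apiGroups"], api_group)
                                 and _matches(rule["resources"], resource)
                                 and _matches(rule["verbs"], verb)
                                 for rule in r["rules"]):
                return True
    return False  # deny by default: no matching rule means no access


if __name__ == "__main__":
    for req in [("prod-user", "get", "pods", "default"),      # granted by prodadmin
                ("prod-user", "delete", "pods", "default"),    # verb not in the Role
                ("prod-user", "get", "pods", "kube-system"),   # other namespace
                ("prod-user", "list", "nodes", None),          # cluster-level resource
                ("dev-user", "get", "pods", "default")]:       # hypothetical unbound user
        print(*req, "->", "yes" if can_i(*req) else "no")
```

On a real cluster, kubectl auth can-i get pods --as prod-user --namespace default asks the API server the same question.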

The sequence of commands for updating the config (executing paragraph 4) on a Unix operating system is:

  1. Open .kube/config for editing
  2. In the users section, add the name and user details (public and private keys). The keys can be inserted into the config file itself (then the parameters are called client-certificate-data and client-key-data), or paths to the files containing the keys can be provided (then the parameters are called client-certificate and client-key)
  3. In the contexts section, add one more context (same cluster, the needed user, and a name for the context)

kubectl config get-contexts – command that shows the contexts defined in the config file (.kube/config)

kubectl config use-context <context name> – command that switches the context in use
