Document usage with RBAC #147

Open
imduffy15 opened this issue Apr 27, 2018 · 0 comments

It might be useful to document how to use this on an RBAC-enabled cluster and how to create the service account, role, and role binding using the official Kubernetes Java client.

        // Authenticate to the API server (placeholder URL and credentials).
        ApiClient officialClient = Config.fromUserPassword(
                "https://la-de-do-da",
                "username",
                "password"
        );

        // Both API wrappers must use the configured client, not the default one.
        CoreV1Api coreV1Api = new CoreV1Api(officialClient);

        RbacAuthorizationV1Api rbacV1API = new RbacAuthorizationV1Api(officialClient);

        // The same metadata (name "tiller") is reused for all three objects.
        V1ObjectMeta objectMeta = new V1ObjectMeta();
        objectMeta.setName("tiller");

        V1ServiceAccount serviceAccount = new V1ServiceAccount();
        serviceAccount.setMetadata(objectMeta);

        coreV1Api.createNamespacedServiceAccount("kube-system", serviceAccount, "false");

        // Wildcard rule: every verb on every resource in every API group.
        V1PolicyRule policyRule = new V1PolicyRule();
        policyRule.setApiGroups(Collections.singletonList("*"));
        policyRule.setResources(Collections.singletonList("*"));
        policyRule.setVerbs(Collections.singletonList("*"));

        // Non-resource URLs need their own rule: the API server rejects a
        // rule that mixes nonResourceURLs with apiGroups/resources.
        V1PolicyRule nonResourceRule = new V1PolicyRule();
        nonResourceRule.setNonResourceURLs(Collections.singletonList("*"));
        nonResourceRule.setVerbs(Collections.singletonList("*"));

        // Together the two rules match the built-in cluster-admin role.
        V1ClusterRole clusterRole = new V1ClusterRole();
        clusterRole.setMetadata(objectMeta);
        clusterRole.addRulesItem(policyRule);
        clusterRole.addRulesItem(nonResourceRule);

        rbacV1API.createClusterRole(clusterRole, "false");

        // Bind the ClusterRole to the kube-system/tiller service account.
        V1RoleRef v1RoleRef = new V1RoleRef();
        v1RoleRef.setApiGroup("rbac.authorization.k8s.io");
        v1RoleRef.setKind("ClusterRole");
        v1RoleRef.setName("tiller");

        V1Subject v1Subject = new V1Subject();
        v1Subject.setKind("ServiceAccount");
        v1Subject.setName("tiller");
        v1Subject.setNamespace("kube-system");

        V1ClusterRoleBinding v1ClusterRoleBinding = new V1ClusterRoleBinding();
        v1ClusterRoleBinding.setMetadata(objectMeta);
        v1ClusterRoleBinding.setRoleRef(v1RoleRef);
        v1ClusterRoleBinding.setSubjects(Collections.singletonList(v1Subject));

        rbacV1API.createClusterRoleBinding(v1ClusterRoleBinding, "false");
@ljnelson ljnelson self-assigned this May 12, 2018
@ljnelson ljnelson added this to the Someday milestone May 12, 2018
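
A namespace-scoped variant of the snippet in the issue, added here as an example and not part of the original issue or the project's code: it gives the `tiller` service account a `Role` and `RoleBinding` in a single namespace instead of a wildcard `ClusterRole`. It assumes the same client version as the calls above (the `io.kubernetes.client` package layout and `(namespace, body, pretty)` create signatures); the class name, the namespace `tiller-world` and the API group list are assumptions to adjust to what the charts actually deploy.

```java
import io.kubernetes.client.ApiClient;
import io.kubernetes.client.apis.CoreV1Api;
import io.kubernetes.client.apis.RbacAuthorizationV1Api;
import io.kubernetes.client.models.*;
import io.kubernetes.client.util.Config;
import java.util.Arrays;
import java.util.Collections;

public class NamespacedTillerRbac {
    // Hypothetical helper: service account + Role + RoleBinding, all in one namespace.
    static void create(ApiClient client, String ns) throws Exception {
        CoreV1Api core = new CoreV1Api(client);
        RbacAuthorizationV1Api rbac = new RbacAuthorizationV1Api(client);

        V1ObjectMeta meta = new V1ObjectMeta();
        meta.setName("tiller");
        meta.setNamespace(ns);

        V1ServiceAccount sa = new V1ServiceAccount();
        sa.setMetadata(meta);
        core.createNamespacedServiceAccount(ns, sa, "false");

        // Assumed API group list; "" is the core group. No nonResourceURLs:
        // they are not valid in a namespaced Role.
        V1PolicyRule rule = new V1PolicyRule();
        rule.setApiGroups(Arrays.asList("", "batch", "extensions", "apps"));
        rule.setResources(Collections.singletonList("*"));
        rule.setVerbs(Collections.singletonList("*"));

        V1Role role = new V1Role();
        role.setMetadata(meta);
        role.addRulesItem(rule);
        rbac.createNamespacedRole(ns, role, "false");

        V1RoleRef ref = new V1RoleRef();
        ref.setApiGroup("rbac.authorization.k8s.io");
        ref.setKind("Role"); // Role, not ClusterRole: the grant stops at the namespace
        ref.setName("tiller");

        V1Subject subject = new V1Subject();
        subject.setKind("ServiceAccount");
        subject.setName("tiller");
        subject.setNamespace(ns);

        V1RoleBinding binding = new V1RoleBinding();
        binding.setMetadata(meta);
        binding.setRoleRef(ref);
        binding.setSubjects(Collections.singletonList(subject));
        rbac.createNamespacedRoleBinding(ns, binding, "false");
    }

    public static void main(String[] args) throws Exception {
        create(Config.defaultClient(), "tiller-world"); // constructed namespace name
    }
}
```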