|
| 1 | +kubectl create ns finance |
| 2 | +openssl genrsa -out john.key 2048 # it will create a private key |
| 3 | +openssl req -new -key john.key -out john.csr -subj "/CN=john/O=javadeveloper" |
| 4 | + |
| 5 | +openssl x509 -req -in john.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out john.crt -days 500 |
| 6 | + |
| 7 | +#Create a role for namespace finance with resource permission |
| 8 | +#role.yaml |
| 9 | +apiVersion: rbac.authorization.k8s.io/v1 |
| 10 | +kind: Role |
| 11 | +metadata: |
| 12 | + namespace: finance |
| 13 | + name: deployment-manager |
| 14 | +rules: |
| 15 | +- apiGroups: ["","extensions","apps"] |
| 16 | + # |
| 17 | + # at the HTTP level, the name of the resource for accessing ConfigMap |
| 18 | + # objects is "configmaps" |
| 19 | + resources: ["deployments","replicasets","pods"] |
| 20 | + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] |
| 21 | + |
| 22 | +kubectl create -f role.yaml |
| 23 | + |
| 24 | + |
| 25 | +#rolebinding.yaml |
| 26 | + |
| 27 | +apiVersion: rbac.authorization.k8s.io/v1 |
| 28 | +# This role binding allows "jane" to read pods in the "default" namespace. |
| 29 | +# You need to already have a Role named "pod-reader" in that namespace. |
| 30 | +kind: RoleBinding |
| 31 | +metadata: |
| 32 | + name: deployment-manager-binding |
| 33 | + namespace: finance |
| 34 | +subjects: |
| 35 | +# You can specify more than one "subject" |
| 36 | +- kind: User |
| 37 | + name: john |
| 38 | + apiGroup: "" |
| 39 | +roleRef: |
| 40 | + # "roleRef" specifies the binding to a Role / ClusterRole |
| 41 | + kind: Role #this must be Role or ClusterRole |
| 42 | + name: deployment-manager # this must match the name of the Role or ClusterRole you wish to bind to |
| 43 | + apiGroup: "" |
| 44 | + |
| 45 | +kubectl create -f rolebinding.yaml |
| 46 | + |
| 47 | +kubectl config set-credentials john --client-certificate=/home/ubuntu/temp/john.crt --client-key=/home/ubuntu/temp/john.key |
| 48 | + |
| 49 | +kubectl config set-context developer-context --cluster=kubernetes --namespace=finace --user=john |
| 50 | + |
| 51 | +----Install client |
| 52 | +curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl |
| 53 | + |
| 54 | + chmod +x ./kubectl |
| 55 | + |
| 56 | + sudo mv ./kubectl /usr/local/bin/kubectl |
| 57 | + kubectl version --client |
| 58 | + |
| 59 | + |
| 60 | + ls ./kube |
| 61 | + kubectl --kubeconfig config cluster-info |
| 62 | + kubectl --kubeconfig config config view |
| 63 | + kubectl --kubeconfig config config view -o jsonpath='{.contexts[*].name}' |
| 64 | + |
| 65 | + kubectl --kubeconfig config get pods -n finance |
| 66 | + kubectl --kubeconfig config run nginx-pod --image=nginx -n finance |
| 67 | + kubectl --kubeconfig config get pods -n finance |
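Review bot: The `openssl x509 -req` step (file line 5) signs john's certificate directly with the cluster CA key for `-days 500`, and Kubernetes cannot revoke a client certificate once it is issued, so a leaked `john.key` stays valid for the whole period unless the RoleBinding is removed or the CA is rotated. A much shorter lifetime such as `-days 30`, or issuing through the CertificateSigningRequest API so `/etc/kubernetes/pki/ca.key` is never handled by hand, would limit that exposure. Separately, `kubectl config set-context` on file line 49 uses `--namespace=finace`, which does not match the `finance` namespace the Role and RoleBinding are scoped to; it should read `--namespace=finance`, since the later commands only work because they pass `-n finance` explicitly. The YAML comments on file lines 16-18 and 28-29 are carried over from a different example (ConfigMaps, "jane", "pod-reader") and should describe this binding instead, e.g. `# Binds user "john" to the "deployment-manager" Role in the "finance" namespace.` The kubectl binary fetched on file line 52 is installed into `/usr/local/bin` without being compared with its published SHA-256 checksum, so a verification step before `chmod +x` is worth adding.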