Ansible configuration that limits a user to their namespace and lets them list all namespaces in the cluster (for the dashboard). It can be used to provide access to stage environments for your developers.
Just run ansible-playbook k8s-rbac-limit-user-to-namespace.yml -e namespace=cool-app-development
and gather the result from /tmp/cool-app-development.yaml
You must have:
- pip install openshift ansible on target host
- working ~/.kube/config or /etc/kubernetes/admin.conf on target host

- namespace will be created
- RBAC rules will be created
- namespace.kubeconfig.yaml.j2 will be downloaded to the ansible controller at /tmp/namespace.kubeconfig.yaml.j2
- namespace.kubeconfig.yaml.j2 will be templated to the first kube-master as /tmp/{{ namespace }}.yaml
  - default namespace for commands will be {{ namespace }}
- you can copy /tmp/{{ namespace }}.yaml to /home/developer.name/.kube/config or send it via a secure way
- please test your new config with kubectl get ns,pods --kubeconfig=/tmp/{{ namespace }}.yaml
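
A scope check to go with the test command above, as an added example that is not part of the original playbook: it uses kubectl auth can-i to confirm the generated kubeconfig can list namespaces and pods in its own namespace but is denied elsewhere. The check_scope function name and the expected yes/no answers are assumptions based on the description above, not taken from the playbook's RBAC rules.

```shell
#!/bin/sh
# Added example (not part of the playbook): confirm that a generated
# kubeconfig is confined to its namespace using `kubectl auth can-i`.
# The expected answers are assumptions based on the README text: the user
# may list namespaces and work inside their own namespace, nothing more.

# check_scope KUBECONFIG NAMESPACE
# Prints one line per check; exit status is 0 only if every answer matches.
check_scope() (
  cfg="$1"; ns="$2"; failures=0
  # Columns: expected answer, verb, resource, namespace ("-" = cluster-scoped)
  while read -r want verb res scope; do
    [ -n "$want" ] || continue
    if [ "$scope" = "-" ]; then
      answer=$(kubectl auth can-i "$verb" "$res" \
        --kubeconfig="$cfg" </dev/null 2>/dev/null) || true
    else
      answer=$(kubectl auth can-i "$verb" "$res" -n "$scope" \
        --kubeconfig="$cfg" </dev/null 2>/dev/null) || true
    fi
    answer=${answer%% *}   # "no - <reason>" becomes "no"
    # An empty answer (kubectl error, API unreachable) counts as a failure.
    if [ "$answer" = "$want" ]; then
      echo "ok    $verb $res ($scope): $answer"
    else
      echo "FAIL  $verb $res ($scope): got '${answer:-error}', want $want"
      failures=$((failures + 1))
    fi
  done <<EOF
yes list namespaces -
yes list pods $ns
no get pods kube-system
no get secrets kube-system
no create rolebindings kube-system
no create namespaces -
no create clusterrolebindings -
EOF
  [ "$failures" -eq 0 ]
)

# Usage: check_scope /tmp/cool-app-development.yaml cool-app-development
```

Run it before handing the file to a developer; any FAIL line means the kubeconfig grants more (or less) than the intended scope.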