In this example, we will create dev
namespace and token for access this namespace only
Create Namespace
kubectl create namespace dev
Create Service Account with permissions
Create file permission-dev-namespace.yaml
with content:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dev-user
namespace: dev
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dev-user-full-access
namespace: dev
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["batch"]
resources:
- jobs
- cronjobs
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dev-user-view
namespace: dev
subjects:
- kind: ServiceAccount
name: dev-user
namespace: dev
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dev-user-full-access
Apply this:
kubectl apply -f permission-dev-namespace.yaml
You should see the three components being created.
Get Secrets
Use following command to get the token, use this to access dashboard
kubectl -n dev describe secret $(kubectl -n dev get secret | grep dev-user | awk '{print $1}')