I am following Configure RBAC to create user accounts. Everything works fine, but after updating the context, before binding any roles to the created user, kubectl get pods against the apiserver is returning the pods.
apiserver configuration
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--insecure-port=8080"
KUBELET_PORT="--kubelet-port=10250"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS="--client-ca-file=/srv/kubernetes/ca.crt --tls-cert-file=/srv/kubernetes/server.crt --tls-private-key-file=/srv/kubernetes/server.key --authorization-mode=RBAC"
kubectl config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /srv/kubernetes/ca.crt
    server: http://172.16.3.23:8080
  name: local
contexts:
- context:
    cluster: local
    namespace: kube-system
    user: devops
  name: devops
current-context: devops
kind: Config
preferences: {}
users:
- name: devops
  user:
    client-certificate: /.cert/devops.crt
    client-key: /.cert/devops.key
P.S.: I am using a CentOS bare-metal environment.
The insecure port (http://...:8080) bypasses all authentication and authorization