Cannot get a kubeconfig for a ServiceAccount to work correctly

4/12/2018

I have an issue with creating namespaces, serviceaccounts, roles, rolebindings and kubeconfig files.

In the future we will have multiple teams/applications landing on Kubernetes and I want to create a namespace per team. We are using Kubernetes on Azure (AKS) and the default created kubeconfig is not something to just hand over to all teams. So I thought I would create a serviceaccount per namespace and create a role + rolebinding. So I tried it locally with minikube.

I first created the resources:

enter image description here

And then I created the config file for the serviceaccount: enter image description here

But with this config file I can still see all resources in all namespaces and I cannot figure out what I am doing wrong. Hopefully someone can help me out.

Kind regards, Bram

-- bramvdk
kubernetes

1 Answer

4/12/2018

Your configuration looks good, but service accounts are designed for accessing Kubernetes from inside the cluster or for accessing it by other services.

In your case, the better option would be to use a User with a role binding.

Here is a good guide from Bitnami on how to do that.

In a few words, you should:

  1. Create The User Credentials
  2. Create The Role For Managing Deployments
  3. Bind The Role To The Employee User

Regarding your problem, please check your Minikube configuration and ensure that RBAC is enabled.

You can use the --extra-config=apiserver.Authorization.Mode=RBAC option to launch minikube with enforced RBAC authorization.

-- Anton Kostenko
Source: StackOverflow
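
Steps 2 and 3 of the answer, plus a check that RBAC is actually being enforced, as an added example (not code from the original answer or from the Bitnami guide). The namespace `team-a`, the user `team-a-dev` and the role names are constructed placeholders, and `check_isolation` assumes it is run by a cluster admin who is allowed to impersonate users.

```shell
#!/bin/sh
# Print a namespace-scoped Role and RoleBinding for one user (no ClusterRole).
render_rbac() {
  ns="$1"; user="$2"
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: ${ns}
  name: ${ns}-deployment-manager
rules:
- apiGroups: ["", "apps", "extensions"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: ${ns}
  name: ${ns}-deployment-manager-binding
subjects:
- kind: User
  name: ${user}
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ${ns}-deployment-manager
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Impersonate the user and compare access inside and outside the namespace.
# Needs kubectl and a running cluster.
# Returns 0 = confined to $ns, 1 = can also read $other, 2 = denied in $ns.
check_isolation() {
  ns="$1"; user="$2"; other="${3:-kube-system}"
  kubectl auth can-i list pods -n "$ns" --as "$user" >/dev/null || return 2
  if kubectl auth can-i list pods -n "$other" --as "$user" >/dev/null; then
    return 1   # RBAC is not enforced, or a broader binding also applies
  fi
  return 0
}

# Usage (placeholders):
#   render_rbac team-a team-a-dev | kubectl apply -f -
#   check_isolation team-a team-a-dev
```

A return value of 1 from `check_isolation` matches the symptom in the question: the subject can still list resources outside its own namespace.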