When I'm installing ARK server and Velero for cluster backup, it asks for RBAC authentication as a requirement. The authentication process shows an error when we enter
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user info.mail_id@gmail.com
Error:
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "info.mail_id@gmail.com" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
as given in this article here
Kubernetes doesn't have USER objects. You need to use certificates to get authenticated and authorized with the API server.
Generate a certificate and sign it using the cluster CA. Build a kubeconfig file. Assign appropriate roles and rolebindings, and using the kubeconfig you should be able to perform backup and restore using Velero.
Alternatively, download Velero and, using the velero install command, you can deploy Velero into the k8s cluster.
It was already stated but I feel this needs more guidance.
Kubernetes provides a certificates.k8s.io API, which lets you provision TLS certificates signed by a Certificate Authority (CA) that you control. These CA and certificates can be used by your workloads to establish trust.
RBAC uses the rbac.authorization.k8s.io API Group to drive authorization decisions, allowing admins to dynamically configure policies through the Kubernetes API.
See API Overview for details regarding Roles and ClusterRoles as well as RoleBindings and ClusterRoleBindings.
In the RBAC API, a role contains rules that represent a set of permissions. Permissions are purely additive (there are no “deny” rules). A role can be defined within a namespace with a Role, or cluster-wide with a ClusterRole.
A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users, groups, or service accounts), and a reference to the role being granted. Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding.
I hope it helps.
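The procedure the answers above describe (generate a key and certificate request, have the cluster CA sign it through the certificates.k8s.io API, build a kubeconfig entry, bind a role), as an added example that is not part of the original posts. The function names and the `apply` argument are hypothetical; it assumes an admin kubeconfig that is already allowed to approve CSRs and create bindings, and a cluster whose `kubernetes.io/kube-apiserver-client` signer is enabled.

```shell
# Added example, not from the original posts; function names are hypothetical.
# render_csr NAME B64_CSR: CertificateSigningRequest for the certificates.k8s.io API.
render_csr() {
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: $1
spec:
  request: $2
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - client auth
EOF
}
# render_binding USER ROLE: ClusterRoleBinding granting ClusterRole ROLE to USER.
render_binding() {
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $1-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: $2
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: $1
EOF
}

# Key + CSR, signing by the cluster CA, kubeconfig entry, binding, then a check.
provision() {
  user=$1 role=$2 cluster=$3
  umask 077                                   # keep the private key owner-only
  openssl genrsa -out "$user.key" 2048
  openssl req -new -key "$user.key" -subj "/CN=$user" -out "$user.csr"  # CN = user name
  render_csr "$user" "$(base64 < "$user.csr" | tr -d '\n')" | kubectl apply -f -
  kubectl certificate approve "$user"
  kubectl get csr "$user" -o jsonpath='{.status.certificate}' | base64 -d > "$user.crt"
  kubectl config set-credentials "$user" --client-key="$user.key" --client-certificate="$user.crt" --embed-certs=true
  kubectl config set-context "$user" --cluster="$cluster" --user="$user"
  render_binding "$user" "$role" | kubectl apply -f -
  kubectl auth can-i create clusterrolebindings --as "$user"   # verify the grant
}
# Runs only when called as: script.sh apply <user> <clusterrole> <cluster-name>
if [ "${1:-}" = "apply" ]; then set -e; provision "$2" "$3" "$4"; fi
```

The signed certificate can take a moment to appear in `.status.certificate` after approval, so an empty `.crt` file means the `kubectl get csr` step needs repeating. Passing a narrower ClusterRole than the question's `cluster-admin` limits what a leaked key can do.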