K
Q

Question

Want to give admin rights to few user in a specific namespace in Kubernetes

5/3/2021

I want to add specific users to a namespace. Where they have full admin access to only those namespaces. Sample yamls:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: ns1-full-access
  namespace: ns1
rules:
- apiGroups: [""]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["extensions"]
  resources: ["*"]
  verbs: ["*"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ns1-full-access-rolebinding
  namespace: ns1
subjects:
- kind: Group
  name: ns1-full-access-admins
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ns1-full-access
  apiGroup: rbac.authorization.k8s.io
subjects:
    - apiGroup: rbac.authorization.k8s.io
      kind: User
      name: XYZ@test.com
    - apiGroup: rbac.authorization.k8s.io
      kind: User
      name: XYZ1@test.com

Will this be sufficient.

-- Vrushali

kubernetes

kubernetes-pod

1 Answer

5/3/2021

yes it will work

basic example change the apiGroups as per need or else use *

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mynamespace-user
  namespace: mynamespace

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: mynamespace-user-full-access
  namespace: mynamespace
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]
- apiGroups: ["batch"]
  resources:
  - jobs
  - cronjobs
  verbs: ["*"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: mynamespace-user-view
  namespace: mynamespace
subjects:
- kind: ServiceAccount
  name: mynamespace-user
  namespace: mynamespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: mynamespace-user-full-access

-- Harsh Manvar

Source: StackOverflow

KQ

Want to give admin rights to few user in a specific namespace in Kubernetes

Similar Questions

1 Answer

K
Q