Kubernetes - grant full access to all namespaces matching prefix or regex

8/5/2021

I am planning to deploy review apps to Kubernetes using namespaces. That is, my CI generates a random ID, I build a namespace from it, like review-app-xxx, and inside it I deploy several Helm charts.

How can I easily give a group of people access to all those namespaces?

Concrete example: assume I have several of those namespaces

  • review-app-aaaa
  • review-app-bbbb
  • review-app-cccc

What is the simplest way to give full access to those namespaces to a user belonging to group tech:dev?

EDIT:

The non-DRY way to think about it is to have one RoleBinding per namespace, like this:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: namespace-full-access-cluster-role
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: full-access-staging-namespace-for-devs
  namespace: review-app-aaaa
subjects:
  - kind: Group
    name: devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: namespace-full-access-cluster-role
  apiGroup: rbac.authorization.k8s.io

But is there a way to DRY this?

-- Cyril Duchon-Doris
amazon-eks
kubernetes
kubernetes-helm
rbac

0 Answers
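
Added example, not part of the original question: a RoleBinding names exactly one namespace and RBAC has no prefix or regex selector for it, so one way to keep this DRY is to generate the per-namespace RoleBindings from a single pattern in CI. The binding name, the pattern and the sample namespace list are assumptions; the ClusterRole and group names are the ones from the question.

```python
import json
import re

# ClusterRole name comes from the question; everything else is illustrative.
CLUSTER_ROLE = "namespace-full-access-cluster-role"
RBAC_GROUP = "rbac.authorization.k8s.io"
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")


def matching_namespaces(namespaces, pattern):
    """Return namespaces whose entire name matches pattern.

    fullmatch() stops 'review-app-.*' from also selecting
    'not-review-app-zzzz', which an unanchored search() would grant.
    Accepts bare names or 'namespace/<name>' as printed by kubectl -o name.
    """
    rx = re.compile(pattern)
    names = {ns.strip().split("/", 1)[-1] for ns in namespaces}
    return sorted(n for n in names if DNS_LABEL.fullmatch(n) and rx.fullmatch(n))


def role_binding(namespace, group, name="full-access-for-devs"):
    """One RoleBinding; the ClusterRole's rules apply only inside namespace."""
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "RoleBinding",
        "metadata": {"name": name, "namespace": namespace},
        "subjects": [{"kind": "Group", "name": group, "apiGroup": RBAC_GROUP}],
        "roleRef": {"kind": "ClusterRole", "name": CLUSTER_ROLE,
                    "apiGroup": RBAC_GROUP},
    }


def render(namespaces, pattern, group):
    """Build a v1 List object that `kubectl apply -f -` accepts as JSON."""
    selected = matching_namespaces(namespaces, pattern)
    return {"apiVersion": "v1", "kind": "List",
            "items": [role_binding(ns, group) for ns in selected]}


if __name__ == "__main__":
    # Constructed sample; in CI the list would be the cluster's namespaces.
    sample = ["namespace/default", "namespace/kube-system",
              "namespace/review-app-aaaa", "namespace/review-app-bbbb",
              "namespace/review-app-cccc", "namespace/not-review-app-zzzz"]
    print(json.dumps(render(sample, r"review-app-[a-z0-9]+", "devs"), indent=2))
```

Because the wildcard ClusterRole is attached through RoleBindings rather than a ClusterRoleBinding, the group gets full access only inside the selected namespaces and none to cluster-scoped resources.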