-
Notifications
You must be signed in to change notification settings - Fork 223
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ABAC users and tokens #11
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I read your tutorial Kubernetes-The-Hard-Way-on-BareMetal.md which is complete and very useful, so thank you very much !
I have an issue that I am still struggling with. In authorization section you provide a file "authorization-policy.jsonl" which is here to define some users and their rights if I am not mistaken. Then your provide a file "token.csv" with the exact same users and a token . Based on this I'm able to start my cluster and everything works !
Now I want to be able to type kubectl XXX from my PC. So I did a config file in .kube folder using admin user and chAng3m3 as a token (same info as in the tutorial). Giving CA cert ect... it worked !
This is my question, how can I use client-certificate and client-key instead of token in my kubectl config file ? I've tried to create special certs for this new user "my user", add him in authorization-policy.jsonl with the same rights as the admin but I never succeeded => "kubectl get pods
Error from server (Forbidden): pods is forbidden: User "system:anonymous" cannot list pods in the namespace "default": No policy matched."
Thank you in advance for your help !
The text was updated successfully, but these errors were encountered: