user308993
Reputation: 51
How to create Kubernetes users limited to namespaces
I have a hard time trying to set up my (test) Kubernetes cluster so that it have a few users and a few namespaces, and a user can only see specific namespaces. Is there a way to do that? If yes, what is needed to
- Create a user
- Limit a user to a specific namespace or namespaces
- Use Kubernetes (via kubectl) as a specific user
Upvotes: 5
Views: 3619
Answers (1)
Steve Sloka
Reputation: 3454
You could setup ABAC (http://kubernetes.io/docs/admin/authorization/) and limit users to namespaces:
In the policy file you would have something like this if your user was bob and you wanted to limit him to the namespace projectCaribou:
{
"apiVersion": "abac.authorization.kubernetes.io/v1beta1",
"kind": "Policy",
"spec": {
"namespace": "projectCaribou",
"readonly": true,
"resource": "pods",
"user": "bob"
}
}
Upvotes: 5
Related Questions
- Kubernetes Namespaces stuck in Terminating status
- How can I keep a container running on Kubernetes?
- Command to delete all pods in all kubernetes namespaces
- How to switch namespace in kubernetes
- Why should you prefer unnamed namespaces over static functions?
- Automatically create Kubernetes resources after namespace creation
- Kubernetes dashboard access to namespaces with same token or config file
- What's the maximum number of Kubernetes namespaces?
- Kubernetes cannot create namespaces at the cluster scope