Reputation: 63
We have multiple k8s clusters which are used by many teams for their microservices. We've restricted kubectl access to limited members only. But many times we get a request for allowing readonly kubectl access.
Many of the k8s clusters are running on ec2 & provisioned via kops.
Version details:
$ kubectl version --short
Client Version: v1.13.0
Server Version: v1.11.6
---
$ kops version
Version 1.12.2
I tried to create a test-pod with kubectl installed in it, with a readonly clusterrole & clusterrolebinding attached. I can see that kubectl from within the pod has readonly access, but it needs me to kubectl exec into the pod. So, I don't know how I can restrict this access?
I have tried this but still don't know how to restrict access.
Upvotes: 0
Views: 252
Reputation: 54249
You need to make users in whatever authentication system you are using and then set the role binding to be aimed at those users, not a service account. Service accounts are for services, not humans.
Upvotes: 1
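One way to express what the answer above describes, as an added example that is not part of the original posts: a read-only ClusterRole bound to a group of human users instead of a service account. The names readonly, readonly-users and jane are hypothetical, and how a user ends up in the group depends on the cluster's authenticator (for example the O field of a client certificate or an OIDC groups claim).

```yaml
# Added example, not from the original thread. All names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: readonly
rules:
  # Only get/list/watch are granted. kubectl exec, attach and port-forward
  # need the "create" verb on pods/exec, pods/attach and pods/portforward,
  # so this role allows none of them.
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - services
      - endpoints
      - configmaps
      - events
      - namespaces
      - nodes
      - persistentvolumeclaims
    # Secrets are left out on purpose, as in the built-in "view" role.
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments", "daemonsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["statefulsets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: readonly-users
subjects:
  # The subject is a Group of authenticated humans, not a ServiceAccount.
  - kind: Group
    name: readonly-users
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: readonly
  apiGroup: rbac.authorization.k8s.io
# Verify with impersonation, run as a cluster admin:
#   kubectl auth can-i list pods --as=jane --as-group=readonly-users
#   kubectl auth can-i create pods --subresource=exec --as=jane --as-group=readonly-users
```

Because the binding targets a group, granting or revoking read-only access becomes a change in the authentication system rather than a new RBAC object per person.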