Automatically Create ClusterRoleBinding on GKE for NGINX Ingress Controller

Question

In the installation guide of setting up NGINX Ingress on Google Kubernetes Engine, you have to run the following command to generate a clusterrolebinding:

kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin \
  --user $(gcloud config get-value account)

Since I'd like to automate the entire setup process I don't want to run this command every time I create a new cluster.

So I want to know if there is a way to create a configuration .yaml file which automatically applies the above clusterrolebinding to my cluster on GKE?

Answer 1

You can see the resulting yaml created by the kubectl command like so:

kubectl create clusterrolebinding cluster-admin-binding \
  --clusterrole cluster-admin \
  --user $(gcloud config get-value account)
  --dry-run
  -o yaml

This will give you an output like this:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  name: cluster-admin-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: your_user

You can then create a yaml file (e.j. clusterrolebinding.yaml) with its content and deploy to the cluster as you would with any other config file:

kubectl create -f clusterrolebinding.yaml

I don't think this is going to be any easier to automate than the kubectl create clusterrolebinding command itself though, you still need to tell the cluster about this new binding.