Skip to main content

5.2.2 Creating K8s RBAC

Youtube ๐Ÿ“บ

Now that we've learnt about Kubernetes RBAC let's get to create it

๐Ÿ› ๏ธ Preparing Code for K8s IAM Rolesโ€‹

Below command will create the AWS IAM Roles that our users goku and vegeta will need to assume in order to access k8s through kubectl

cd ~/playground/
cp -r ~/s4cpcode/chapter5/5B/. ~/playground/
git status
git add .
git commit -m "aws iam roles for k8s"
git push

Following AWS IAM Roles will be created

NameTypeAccountUser
AssumeRoleK8sAdminWithMFAprodIAM Roleprodgoku
AssumeRoleK8sDeveloperWithMFAprodIAM Roleprodvegeta
AssumeRoleK8sAdminWithMFAdevIAM Roledevgoku,vegeta

All the above IAM Roles have the same permissions i.e.

eks:DescribeCluster,eks:ListClusters

Its worth noting and that these roles don't need any special AWS permissions to access EKS other than the ones listed above. The primary purpose of these roles is to only provide identity that is needed to authenticate to EKS. The actual permissions are tied to the Kubernetes Role to which they are mapped in aws-auth

โš™๏ธ Preparing Code K8s RBACโ€‹

Below command will create the Kubernetes Role and RoleBinding objects and map them to the AWS IAM Roles created above in the aws-auth configmap.

cd ~/playground/
cp -r ~/s4cpcode/chapter5/5C/. ~/playground/
git status
git add .
git commit -m "creating k8s rbac objects"
git push