...

As a result, a certificate signing request will be generated in .csr format (e.g. cloudaware_test.csr).

4. Sign the Cloudaware certificate request that will be used by the Kubernetes control plane node - see the example below:

openssl x509 -req -in cloudaware_test.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out cloudaware_test.crt -days 3650

...

5. Set up authorization for the user at the RBAC level. Create a custom ClusterRole node-reader so that Cloudaware can fetch information about cluster nodes:

Code Block
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "watch", "list"]

Use the section below to map the custom ClusterRole to the existing user, granting them the required permissions. Two bindings are in use: the first one binds the default role view, the second one binds the custom ClusterRole node-reader:

Code Block
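# Binding 1: read-only access through the default ClusterRole "view".
# A ClusterRoleBinding applies cluster-wide; User subjects are not namespaced,
# so the subject carries no namespace field.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding
subjects:
- kind: User
  name: cloudaware_test
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# Binding 2: node listing through the custom ClusterRole "node-reader".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cloudaware_test-binding2
subjects:
- kind: User
  name: cloudaware_test
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: node-reader
  apiGroup: rbac.authorization.k8s.io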
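
The bindings above only take effect if the signed certificate authenticates as the user they name. The following check is an added example, not part of the original Cloudaware instructions; the function names and the sample subject string (including `O=cloudaware`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Cloudaware's code). Kubernetes takes the user name from the
# certificate CN and group names from O, so the CN must equal the RBAC subject.

# subject_field SUBJECT KEY: print every value of KEY (CN, O, ...), one per line.
# SUBJECT is the output of: openssl x509 -noout -subject -nameopt RFC2253
# Limitation: values containing escaped commas are not handled.
subject_field() {
    printf '%s\n' "${1#subject=}" | tr ',' '\n' | sed -n "s/^ *$2=//p"
}

# check_identity SUBJECT EXPECTED_USER
# 0 = CN matches and no privileged group; 1 = CN mismatch; 2 = system:masters.
check_identity() {
    cn=$(subject_field "$1" CN)
    if [ "$cn" != "$2" ]; then
        echo "FAIL: CN '$cn' does not match RBAC user '$2'"
        return 1
    fi
    if subject_field "$1" O | grep -qx 'system:masters'; then
        echo "FAIL: O=system:masters is the built-in superuser group"
        return 2
    fi
    echo "OK: certificate authenticates as user '$cn'"
}

# check_cert_file CERT EXPECTED_USER: same check on a signed certificate file,
# also printing the expiry date set by -days.
check_cert_file() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 3
    openssl x509 -in "$1" -noout -enddate
    check_identity "$subject" "$2"
}

# On the control plane node, after applying the RBAC objects:
#   check_cert_file cloudaware_test.crt cloudaware_test
#   kubectl auth can-i list nodes --as cloudaware_test     # expect: yes
#   kubectl auth can-i get secrets --as cloudaware_test    # expect: no

# Constructed sample subject, so the script runs without a cluster:
check_identity "subject=CN=cloudaware_test,O=cloudaware" cloudaware_test
```

The `kubectl auth can-i` results in the comments assume the user holds only the two bindings shown above.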

...