
Implementing RBAC, the default user still retains access even after applying roleBinding

I want to implement RBAC for each user. I already have OIDC running and I can see my user credentials being saved in the kube config. But to check my rolebindings, I have to run the command as kubectl get pods --as=user@email.com, even though I am logged in as user@email.com (through gcloud init). I am an owner account in our cloud but I was assuming the RBAC limitations should still work.

Apart from credentials, you should configure a kubectl context to associate these credentials with the cluster, and set it as the default context:

First, list kubectl clusters with kubectl config get-clusters

Then create a new context:

kubectl config set-context my-new-context --cluster <CLUSTER NAME> --user="user@email.com"

And finally configure the new context as default:

kubectl config use-context my-new-context

I am an owner account in our cloud but I was assuming the RBAC limitations should still work.

RBAC is additive only. If you have permissions via another configured authorizer, you will still have those permissions even if you have lesser permissions via RBAC.
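
The behaviour described in this answer, as an added example that is not part of the original answers: a simplified Python model of a Kubernetes authorizer chain, where each authorizer returns allow, deny or no opinion and the first allow or deny wins. `CloudIAMAuthorizer`, the bindings and `dev@example.com` are hypothetical, constructed for illustration.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NO_OPINION = "no opinion"

class RBACAuthorizer:
    """RBAC rules only grant: a match is ALLOW, anything else is NO_OPINION."""
    def __init__(self, bindings):
        # bindings: user -> set of (verb, resource) pairs granted by RoleBindings
        self.bindings = bindings

    def authorize(self, user, verb, resource):
        if (verb, resource) in self.bindings.get(user, set()):
            return Decision.ALLOW
        return Decision.NO_OPINION  # RBAC has no deny rules

class CloudIAMAuthorizer:
    """Hypothetical stand-in for a provider authorizer: owners may do anything."""
    def __init__(self, owners):
        self.owners = set(owners)

    def authorize(self, user, verb, resource):
        return Decision.ALLOW if user in self.owners else Decision.NO_OPINION

def authorize(chain, user, verb, resource):
    """Return (allowed, deciding authorizer). All NO_OPINION means denied."""
    for authorizer in chain:
        decision = authorizer.authorize(user, verb, resource)
        if decision is not Decision.NO_OPINION:
            return decision is Decision.ALLOW, type(authorizer).__name__
    return False, None

# Constructed sample data: both users are bound to a read-only pod role.
rbac = RBACAuthorizer({
    "user@email.com": {("get", "pods"), ("list", "pods")},
    "dev@example.com": {("get", "pods"), ("list", "pods")},
})
iam = CloudIAMAuthorizer(owners=["user@email.com"])  # cloud owner account
chain = [rbac, iam]

if __name__ == "__main__":
    for user in ("user@email.com", "dev@example.com"):
        for verb in ("get", "delete"):
            allowed, by = authorize(chain, user, verb, "pods")
            state = "allowed" if allowed else "denied"
            print(f"{user:16} {verb:6} pods -> {state} (decided by {by})")
```

In this model no RoleBinding can take the owner's delete permission away; it disappears only when the grant in the other authorizer is removed.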
