DEVHIDE
Login Or Sign up

Programmatically create users in Kubernetes

298 Views Asked by At

I am looking for a way to create/retrieve/update/delete a user in Kubernetes, such that I can allow him certain stuff via RoleBindings.

Everything I have found is more or less manual work on the master node. However, I imagine a service deployed in Kubernetes I could call via an API to do the magic for me without doing any manual work. Is such a thing available?

kubernetes roles rbac k8s-serviceaccount k8s-rolebinding
Original Q&A
1

There are 1 best solutions below

0
On

From https://kubernetes.io/docs/reference/access-authn-authz/authentication/#users-in-kubernetes

All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users.

Kubernetes does not have objects which represent normal user accounts. Normal users cannot be added to a cluster through an API call.

Even though a normal user cannot be added via an API call, any user that presents a valid certificate signed by the cluster's certificate authority (CA) is considered authenticated.

So there is no API call to create normal user. However you can create service accounts that can have RoleBindings bound to them.

Another possibility is to create TLS certificate, sign it with Kubernetes cluster CA (using CSRs) and use it as a "normal user".

Related Questions in KUBERNETES

Related Questions in ROLES

Related Questions in RBAC

Related Questions in K8S-SERVICEACCOUNT

Related Questions in K8S-ROLEBINDING

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.