Skip to content

VincentDu2021/k8s-rbac-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
doc
doc
 
 
rbac
rbac
 
 
scripts
scripts
 
 
verification
verification
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ra2-auth

Design documents, rule specifications and utilities for RA-2 Authentication and RBAC

Files

.
├───doc
├───rbac
├───scripts
│   └───oidc-client
└───verification
    ├───bin
    ├───cmd
    ├───doc
    ├───internal
    │   ├───process_rules
    │   └───rbac_rules_verification
    ├───pkg
    └───utils
  • doc contains the design documents
  • rbac contains the yaml files for rbac rules
  • scripts contains the scripts for generating odic token and kubeconfig
  • verification is the go source directory for k8s-rbac-verficication module

Use Cases

  • For k8s user, execute the refresh-k8s-token.sh from scripts/oidc-client for oidc token generation or refresh, and a .kube/abc_xyz_config kubeconfig file;
  • For k8s cluster admin, set the cluster IP, cert, oidc_url etc. values properly first before distrubtion the above script to user;
  • For k8s cluster admin, review the yaml files in rbac directory to set proper rules for user subjects, then apply to or update on k8s cluster;
  • For k8s cluster admin, review the results from k8s-rbac-verficication on all subjects and resoruces, to ensure the RBAC rules from above are set properly, or if there is any drift from the cluster.

About

k8s Auth and Validation Tool

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages