Design documents, rule specifications and utilities for RA-2 Authentication and RBAC
.
├───doc
├───rbac
├───scripts
│ └───oidc-client
└───verification
├───bin
├───cmd
├───doc
├───internal
│ ├───process_rules
│ └───rbac_rules_verification
├───pkg
└───utils
doc
contains the design documentsrbac
contains the yaml files for rbac rulesscripts
contains the scripts for generating odic token and kubeconfigverification
is the go source directory fork8s-rbac-verficication
module
- For k8s user, execute the
refresh-k8s-token.sh
fromscripts/oidc-client
for oidc token generation or refresh, and a .kube/abc_xyz_config kubeconfig file; - For k8s cluster admin, set the cluster IP, cert, oidc_url etc. values properly first before distrubtion the above script to user;
- For k8s cluster admin, review the yaml files in
rbac
directory to set proper rules for user subjects, then apply to or update on k8s cluster; - For k8s cluster admin, review the results from
k8s-rbac-verficication
on all subjects and resoruces, to ensure the RBAC rules from above are set properly, or if there is any drift from the cluster.