Multi-user MicroK8s

    In some circumstances, it may be desirable to have a degree of user-isolation, e.g. when multiple users are accessing a MicroK8s cluster. MicroK8s is a full implementation of Kubernetes, and therefore any existing strategy for handling multiple users can be applied. There is extensive upstream documentation relating to managing users.

    As a guide though, the following steps are recommended.

    1. Enable Role Based Access Control (RBAC):
    1. If required, create a specific namespace for the user (in this case, ‘alice’) by generating and applying a namespace object such as:

    namespace.json:

        {
          "apiVersion": "v1",
          "kind": "Namespace",
          "metadata": {
            "name": "alice",
            "labels": {
            }
          }
        }

    1. Create and apply a rolebinding

    E.g. to access pods:

        apiVersion: rbac.authorization.k8s.io/v1
        kind: Role
        metadata:
          name: pod-reader   # placeholder; the Role's name is not shown on this page
          namespace: alice   # assumes the namespace created above
        rules:
        - apiGroups: [""] # "" indicates the core API group
          resources: ["pods"]
          verbs: ["get", "watch", "list"]

    To bind this role to the user, run:

    1. Install kubectl

    This installs a standalone version of the kubectl command, which can be used
    instead of the built-in MicroK8s version of kubectl.

    1. Authenticate the user.
    1. Create a local kubectl config

    You can run the command:

    …to output the contents of the configuration file used by MicroK8s. This can be used as the basis for a user config file, but bear in mind that the user information and credentials in it should be changed to match the user and the authentication method used.
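
    The namespace, Role and RoleBinding steps above combined into one script, added here as an example and not taken from the MicroK8s documentation; it generalises from 'alice' to any user name. The object names pod-reader and read-pods, and the assumption that the user authenticates under the same name as the namespace, are this example's own.

```shell
# Added example (not MicroK8s project code): namespace-scoped, read-only pod
# access for one user. Assumed names: Role "pod-reader", RoleBinding "read-pods";
# the user is assumed to authenticate under the same name as the namespace.
LC_ALL=C  # byte-wise character ranges in the pattern below

# Namespace names must be DNS-1123 labels; rejecting anything else also keeps
# YAML metacharacters out of the generated manifest.
valid_name() {
  [ -n "$1" ] && [ "${#1}" -le 63 ] || return 1
  case $1 in *[!a-z0-9-]* | -* | *-) return 1 ;; esac
}

# Print Namespace + Role + RoleBinding for the user; no cluster-wide grants.
render_user_rbac() {
  valid_name "$1" || { echo "invalid name: $1" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: $1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: $1
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: $1
subjects:
- {kind: User, name: $1, apiGroup: rbac.authorization.k8s.io}
roleRef: {kind: Role, name: pod-reader, apiGroup: rbac.authorization.k8s.io}
EOF
}

# Apply the manifest, then check the grant is scoped: pods are listable in the
# user's own namespace and not in kube-system. Needs RBAC enabled (step 1).
onboard_user() {
  render_user_rbac "$1" | microk8s kubectl apply -f - || return 1
  microk8s kubectl auth can-i list pods -n "$1" --as "$1" &&
    ! microk8s kubectl auth can-i list pods -n kube-system --as "$1"
}
```

    Run onboard_user alice as a cluster administrator; the can-i checks use impersonation, so they report what the API server would decide for that user without needing the user's credentials.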

    Last updated 8 months ago.