Lab1: Role and Rolebinding<\/p>\n
Lab 2: Test with user<\/p>\n Lab 3: Clusterrole and Clusterrolebinding<\/p>\n![\"\"](\"https:\/\/www.openwriteup.com\/wp-content\/uploads\/2023\/08\/role.jpg\")
<\/a><\/p>\nkubectl create -f role.yaml\r\nkubectl get roles\r\nkubectl describe role pod-reader<\/pre>\n
<\/a><\/p>\nkubectl create -f rolebind.yaml\r\n\u00a0kubectl get rolebindings\r\n\u00a0kubectl describe rolebindings read-pods<\/pre>\n
#role and role binding testing\r\n#Create a private key for your user. In this example, we will name the file employee.key:\r\nopenssl genrsa -out employee.key 2048\r\n#Create a certificate sign request employee.csr using the private key you just created (employee.key in this example). Make sure you specify your username and group in the -subj section\r\nopenssl req -new -key employee.key -out employee.csr -subj \"\/CN=employee\/O=test\"\r\n#Generate the final certificate employee.crt by approving the certificate sign request, employee.csr, you made earlier. Make sure you substitute the CA_LOCATION placeholder with the location of your cluster CA. In this example, the certificate will be valid for 500 days:\r\nopenssl x509 -req -in employee.csr -CA \/etc\/kubernetes\/pki\/ca.crt -CAkey \/etc\/kubernetes\/pki\/ca.key -CAcreateserial -out employee.crt -days 500\r\nkubectl config set-credentials employee --client-certificate=employee.crt --client-key=employee.key\r\n#Add a new context with the new credentials for your Kubernetes cluster.\r\nkubectl config set-context employee-context --cluster=kubernetes --namespace=default --user=employee\r\nkubectl config get-contexts\r\nkubectl config use-context employee-context\r\nkubectl get pods\r\n kubectl delete pods <pod name>\r\n#Change to admin\r\n kubectl config use-context kubernetes-admin@kubernetes\r\n\r\n<\/pre>\n