equinix-labs / terraform-equinix-metal-k3s

Manage K3s (k3s.io) region clusters on Equinix Metal
https://registry.terraform.io/modules/equinix/k3s/metal/latest?tab=readme
Apache License 2.0
46 stars 15 forks

User Provisioning/RBAC Demo #27

Closed jmarhee closed 5 years ago

jmarhee commented 5 years ago

Modifying the demo flow to include demonstrating bootstrapping user certs and RBAC roles and bindings.

jmarhee commented 5 years ago

The process I'm working on in a feature branch takes the approach of: 1) define list of usernames, 2) create two roles (admin, read-only user), 3) bind admin user to admin role, generate certs for and bind to the read-only role the list of usernames in Ansible, 4) apply (writes out to k3s/server/manifests, and applies automatically, so this is a template written out from Ansible directly).

jmarhee commented 5 years ago

There's a branch already, but also: https://github.com/dexidp/dex/blob/master/Documentation/kubernetes.md#deploying-dex-on-kubernetes

jmarhee commented 5 years ago

Satisfied by #30; will re-implement later if an opinionated identity manager becomes standard, but this is pretty straightforward, and the clusterrole and clusterrolebinding workflow is unlikely to change, whereas the user provisioning likely will.
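
The read-only half of the flow described in this thread (a list of usernames, a cert per user, one ClusterRole and one ClusterRoleBinding), as an added example that is not code from this repository or its feature branch. The usernames, group name and object names are constructed, and signing the CSRs with the cluster's client CA is assumed to happen separately.

```shell
#!/usr/bin/env bash
# Added illustration: usernames, group and object names are constructed.
set -eu
READONLY_USERS="alice bob"        # constructed sample usernames
READONLY_GROUP="readonly-users"   # hypothetical group, carried in the cert O field

# Kubernetes reads the username from the client cert CN and groups from O.
cert_subject() { printf '/CN=%s/O=%s' "$1" "$READONLY_GROUP"; }

# Private key + CSR for user $1 in directory $2; the key is created owner-only.
gen_csr() {
  ( umask 077; openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$2/$1.key" -out "$2/$1.csr" -subj "$(cert_subject "$1")" )
}

# Emit a read-only ClusterRole and one binding that lists every user.
# Resources are named explicitly so the grant never reaches credentials.
render_rbac() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-only
rules:
- apiGroups: [""]
  resources: ["pods", "services", "configmaps", "namespaces", "nodes", "events"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "daemonsets", "statefulsets", "replicasets"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-users
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only
subjects:
EOF
  for u in $READONLY_USERS; do
    printf -- '- kind: User\n  name: %s\n  apiGroup: rbac.authorization.k8s.io\n' "$u"
  done
}

# "render" as the first argument prints the manifest to stdout.
[ "${1:-}" != "render" ] || render_rbac
```

The binding's `name` values must match the certificate CN exactly, and the rules list resources by name because a wildcard read grant would also cover Secrets.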