Closed jmarhee closed 5 years ago
The process I'm working on in a feature branch takes the approach of: 1) define list of usernames, 2) create two roles (admin, read-only user), 3) bind admin user to admin role, generate certs for and bind to the read-only role the list of usernames in ansible, 4) Apply (writes out to k3s/server/manifests, and applies automatically, so this is a template written out from ansible directly).
There's a branch already, but also: https://github.com/dexidp/dex/blob/master/Documentation/kubernetes.md#deploying-dex-on-kubernetes
Satisfied by #30; will re-implement later if an opinionated identity manager becomes standard, but this is pretty straightforward, and the clusterrole and clusterrolebinding workflow is unlikely to change, whereas the user provisioning likely will.
Modifying the demo flow to include demonstrating bootstrapping user certs and RBAC roles and bindings.
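A sketch of the templating step from the process described above (username list, read-only ClusterRole, one ClusterRoleBinding per user), added here as an illustration and not taken from the feature branch or #30. The function name, role name, resource list and username rule are assumptions. With client-certificate authentication Kubernetes takes the user name from the certificate CN, so each binding subject must match the CN the cert was issued with.

```python
import re

# Assumption: usernames double as certificate CNs and RBAC subject names, so
# restrict them to a DNS-label-like set before templating them into YAML.
USERNAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

# Read-only role: no write verbs, and secrets are deliberately not listed.
CLUSTER_ROLE = """\
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {role}
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "nodes", "namespaces", "deployments"]
  verbs: ["get", "list", "watch"]
"""

# The subject name is quoted so values such as "true" or "1234" stay strings.
BINDING = """\
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {role}-{user}
subjects:
- kind: User
  name: "{user}"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: {role}
  apiGroup: rbac.authorization.k8s.io
"""

def render_manifest(usernames, role="read-only"):
    """Return one multi-document YAML string: the role plus a binding per user."""
    names = list(usernames)
    for name in names + [role]:
        # fullmatch, not match/$: a trailing newline must not slip through
        # into a manifest that the cluster applies automatically.
        if not USERNAME_RE.fullmatch(name):
            raise ValueError(f"refusing to template unsafe name: {name!r}")
    if len(set(names)) != len(names):
        raise ValueError("duplicate username in list")
    docs = [CLUSTER_ROLE.format(role=role)]
    docs += [BINDING.format(role=role, user=u) for u in names]
    return "---\n".join(docs)

if __name__ == "__main__":
    print(render_manifest(["alice", "bob"]))
```
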