How to create Kubernetes users limited to namespaces

Question

I have a hard time trying to set up my (test) Kubernetes cluster so that it have a few users and a few namespaces, and a user can only see specific namespaces. Is there a way to do that? If yes, what is needed to

Create a user
Limit a user to a specific namespace or namespaces
Use Kubernetes (via kubectl) as a specific user

score 5 · Answer 1 · edited Nov 04 '16 at 11:09

5

You could setup ABAC (http://kubernetes.io/docs/admin/authorization/) and limit users to namespaces:

In the policy file you would have something like this if your user was bob and you wanted to limit him to the namespace projectCaribou:

{
  "apiVersion": "abac.authorization.kubernetes.io/v1beta1",
  "kind": "Policy",
  "spec": {
    "namespace": "projectCaribou",
    "readonly": true,
    "resource": "pods",
    "user": "bob"
  }
}

edited Nov 04 '16 at 11:09

Gajus

69,002
70
275
438

answered Jun 01 '16 at 12:11

Steve Sloka

3,444
2
22
29

1

Hi, how can I actually create the users("bob") on k8. – Suhas Chikkanna Sep 20 '17 at 13:16
this solution might help you - https://stackoverflow.com/a/42186135/9508556 @SuhasChikkanna – Manju N Sep 01 '22 at 14:55

How to create Kubernetes users limited to namespaces

1 Answers1