# k8s-user-tools

**Repository Path**: bug2019bug/k8s-user-tools

## Basic Information

- **Project Name**: k8s-user-tools
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: AGPL-3.0
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2021-09-07
- **Last Updated**: 2021-09-07

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Kubernetes ServiceAccount Rights Tools

## Goals

Kubernetes don't have real "user", and it's difficult to provide access to a kubernetes cluster to person without sharing your kubeconfig, it's a very bad practice.
When you use a bare metal kubernetes cluster or Kubernetes cluster managed by OVH or Scaleway, you don't any interface or simple to administrate your cluster permissions.

These tools are to simplify the creation of a ServiceAccount and create a kubeconfig.yaml for this account.
In a second step, apply some permissions to this ServiceAccount.
## Origin

script was inspired from https://gist.github.com/xtavras/98c6a2625079a78054a907219c976e2b and https://gist.github.com/innovia/fbba8259042f71db98ea8d4ad19bd708 and adjusted with "apply_rbac" function and colorized output.

The main difference come from the seperation between ServiceAccount creation and permissions.

## Create a user service-account for a namespace

```sh
./add-user.sh serviceaccountname namespace-of-your-svc
```

## Command examples

### Set a user  as cluster admin

```sh
./set-user-as-cluster-admin.sh serviceaccountname namespace-of-your-svc
```

### Set a user for a namespace as admin

```sh
./set-user-as-ns-admin.sh serviceaccountname namespace-of-your-svc your-targeted-namespace
```

### Test your configuration

```sh
kubectl  --kubeconfig=./tmp/kube/k8s-xxxxx.yaml get ns
```

## Garanties

The code is provide as is without any garanties or support.

Up to you to check, verify, enforce, fix any technical or security problems.

WARNING: REMEMBER, if you use ServiceAccount as User, and create a kubeconfig for it, you will create a lifetime token!

## Alternatives

Another alternative: https://github.com/sighupio/permission-manager with web UI.

## Licence

This project is under the [AGPLv3](./LICENSE).
For more information, please a message or an issue on github.