Mastering Kubernetes Access: Creating an EKS Cluster Role for Namespace Listing

Overview :-

Creating an Amazon EKS (Elastic Kubernetes Service) cluster role that enables listing namespaces within your Kubernetes cluster can greatly enhance your control and visibility over resources. With this comprehensive guide, you’ll discover the step-by-step process of creating a custom EKS cluster role tailored to your needs.

Prerequisites :-

  • Amazon EKS cluster

  • Terraform should be installed on your system.

  • AWS CLI credentials should be configured and need full access to the EKS cluster.

Step-1 :- Create a folder on your desktop and, within that folder, create the Terraform configuration files such as main.tf and variable.tf.

Step-2 :- Open the main.tf file in a visual editor and define the Kubernetes ClusterRole and its ClusterRoleBinding as shown below.


data "aws_eks_cluster" "default" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "default" {
  name = var.eks_cluster_name
}

# Authenticate to the cluster API with a short-lived token from the EKS data sources.
provider "kubernetes" {
  host                   = data.aws_eks_cluster.default.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.default.token
}

# ClusterRole granting read-only access (get, list) to namespaces only.
resource "kubernetes_manifest" "eks_namespaces_role" {
  manifest = {
    apiVersion = "rbac.authorization.k8s.io/v1",
    kind       = "ClusterRole",
    metadata = {
      name = "namespaces-list-role"
    },
    rules = [
      {
        apiGroups = [""],
        resources = ["namespaces"],
        verbs     = ["get", "list"]
      }
    ]
  }
}

# Bind the ClusterRole to the Kubernetes group aws-<env_name>-eks.
resource "kubernetes_manifest" "eks_rolebinding_cluster_namespace_list" {
  manifest = {
    apiVersion = "rbac.authorization.k8s.io/v1",
    kind       = "ClusterRoleBinding",
    metadata = {
      name = "cluster-namespace-list-binding"
    },
    roleRef = {
      apiGroup = "rbac.authorization.k8s.io",
      kind     = "ClusterRole",
      # Direct reference; the "${...}" wrapper is not needed for a single expression.
      name     = kubernetes_manifest.eks_namespaces_role.manifest.metadata.name
    },
    subjects = [
      {
        kind     = "Group",
        apiGroup = "rbac.authorization.k8s.io",
        name     = "aws-${var.env_name}-eks"
      }
    ]
  }
}

Step-3 :- Now define the variables for the above main.tf file.

variable "eks_cluster_name" {
  description = "cluster name of eks"
  type        = string
  default     = "eks-cluster"
}

variable "env_name" {
  type        = string
  description = "Type of environment ex: dev, stage or prod"
  default     = "dev"
}

Step-4 :- Now open a terminal or command prompt window and navigate to the folder you created on your desktop for the EKS role.

Step-5 :- Configure your AWS access key and secret access key using the aws configure command. Finally, deploy the code using Terraform.

# Run the below terraform commands to deploy the code.
terraform init
terraform plan
terraform apply

Step-6 :- Once the code is deployed, you can check whether you are able to list the namespaces within the cluster. Run the below command to list the namespaces within the cluster.

kubectl get ns

When you run the above command, you will see the list of namespaces that exist on the EKS cluster.
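An identity with full cluster access can list namespaces with or without the new role, so `kubectl get ns` alone does not prove the binding works. The following added example (not part of the original source code) uses `kubectl auth can-i` with impersonation to check what the bound group itself may do. It assumes your identity is allowed to impersonate users and groups; `rbac-check` is a placeholder user name and the list of checks is illustrative.

```shell
#!/bin/sh
# Added example: verify the permissions of the group bound by
# cluster-namespace-list-binding. Assumption: the current kubeconfig identity
# may impersonate users and groups. "rbac-check" is a made-up user name;
# kubectl requires --as whenever --as-group is given.

# can_i GROUP VERB RESOURCE -> prints "yes" or "no"
can_i() (
  out=$(kubectl auth can-i "$2" "$3" --as=rbac-check --as-group="$1" \
        2>/dev/null </dev/null) || true
  if [ "$out" = "yes" ]; then echo yes; else echo no; fi
)

# verify_namespace_list_rbac GROUP -> exit status 0 only if the group can
# get/list namespaces and is denied every other check in the table below.
verify_namespace_list_rbac() (
  group="$1"
  failures=0
  while read -r expected verb resource; do
    actual=$(can_i "$group" "$verb" "$resource")
    if [ "$actual" = "$expected" ]; then
      echo "ok    $verb $resource -> $actual"
    else
      echo "FAIL  $verb $resource -> $actual (expected $expected)"
      failures=$((failures + 1))
    fi
  done <<'EOF'
yes get namespaces
yes list namespaces
no create namespaces
no delete namespaces
no list secrets
no list pods
EOF
  [ "$failures" -eq 0 ]
)
```

Call it as `verify_namespace_list_rbac aws-dev-eks`, using the group name that `aws-${var.env_name}-eks` resolves to in main.tf. A FAIL on a "no" line means the group holds permissions from some other binding beyond this role.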

Source code link :- github.com/MahiraTechnology/Mahira-medium.git

Conclusion :-

In conclusion, crafting an EKS cluster role to facilitate namespace listing can significantly enhance your Kubernetes experience. By carefully defining the permissions and scope, you ensure that users and services can access the information they need without compromising security. Mastering EKS cluster roles empowers you to fine-tune your cluster’s access control, promoting efficiency and security in your Kubernetes operations. Whether you’re a Kubernetes enthusiast or an operations professional, this guide equips you with the knowledge to navigate the realm of EKS cluster roles with confidence.