Mastering Kubernetes Access: Creating an EKS Cluster Role for Namespace Listing
Overview :-
Creating an Amazon EKS (Elastic Kubernetes Service) cluster role that enables listing namespaces within your Kubernetes cluster can greatly enhance your control and visibility over resources. With this comprehensive guide, you’ll discover the step-by-step process of creating a custom EKS cluster role tailored to your needs.
Prerequisites :-
An Amazon EKS cluster.
Terraform should be installed on your system.
AWS CLI credentials should be configured and need full access to the EKS cluster.
Step-1 :- Create a folder on your desktop and, within that folder, create the Terraform configuration files main.tf and variable.tf.
Step-2 :- Open the main.tf file in a visual editor and define the Kubernetes cluster role and its binding as shown below.
# Look up the existing EKS cluster and a short-lived auth token for it.
data "aws_eks_cluster" "default" {
  name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "default" {
  name = var.eks_cluster_name
}

# Point the Kubernetes provider at the cluster's API endpoint.
provider "kubernetes" {
  host                   = data.aws_eks_cluster.default.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.default.token
}

# ClusterRole: read-only access (get, list) to namespaces and nothing else.
resource "kubernetes_manifest" "eks_namespaces_role" {
  manifest = {
    apiVersion = "rbac.authorization.k8s.io/v1",
    kind       = "ClusterRole",
    metadata = {
      name = "namespaces-list-role"
    },
    rules = [
      {
        apiGroups = [""],
        resources = ["namespaces"],
        verbs     = ["get", "list"]
      }
    ]
  }
}

# ClusterRoleBinding: grant the role to the group "aws-<env_name>-eks".
resource "kubernetes_manifest" "eks_rolebinding_cluster_namespace_list" {
  manifest = {
    apiVersion = "rbac.authorization.k8s.io/v1",
    kind       = "ClusterRoleBinding",
    metadata = {
      name = "cluster-namespace-list-binding"
    },
    roleRef = {
      apiGroup = "rbac.authorization.k8s.io",
      kind     = "ClusterRole",
      name     = kubernetes_manifest.eks_namespaces_role.manifest.metadata.name
    },
    subjects = [
      {
        kind     = "Group",
        apiGroup = "rbac.authorization.k8s.io",
        name     = "aws-${var.env_name}-eks"
      }
    ]
  }
}
Step-3 :- Now define the variables for the above main.tf file in variable.tf.
variable "eks_cluster_name" {
  description = "cluster name of eks"
  type        = string
  default     = "eks-cluster"
}

variable "env_name" {
  type        = string
  description = "Type of environment ex: dev, stage or prod"
  default     = "dev"
}
Step-4 :- Now open a terminal or command prompt window and change to the folder you created on your desktop for the EKS role.
Step-5 :- Configure your AWS access key and secret access key using the aws configure command. Finally, deploy the code using Terraform.
# Run the below terraform commands to deploy the code.
terraform init
terraform plan
terraform apply
Step-6 :- Once the code has been deployed, you can check whether you are able to list the namespaces within the cluster. Run the below command to list the namespaces within the cluster.
kubectl get ns
When you run the above command, you will see the list of namespaces that have been created on the EKS cluster.
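Because the prerequisites call for credentials with full access, kubectl get ns succeeds for the deploying user whether or not the new binding works. The script below is an added example, not part of the original guide: it uses kubectl impersonation to check that a member of the bound group can read namespaces and nothing more. It assumes env_name is dev (group aws-dev-eks), that your own credentials are allowed to impersonate, and a hypothetical user name rbac-check; the list of actions expected to be denied is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example: confirm what the Step-2 ClusterRoleBinding really grants.
# Assumptions: the caller may impersonate (e.g. cluster admin), env_name is
# "dev", and "rbac-check" is a made-up user name; only the group matters.

GROUP="${GROUP:-aws-dev-eks}"

# allowed VERB RESOURCE: exit 0 if a member of $GROUP may do it, else non-zero.
# "kubectl auth can-i" exits 0 for "yes" and non-zero for "no".
allowed() {
  kubectl auth can-i "$1" "$2" --as=rbac-check --as-group="$GROUP" \
    </dev/null >/dev/null 2>&1
}

# verify_binding: prints one line per check, returns the number of mismatches.
verify_binding() {
  local failures=0 verb resource
  # Granted by namespaces-list-role.
  for verb in get list; do
    if allowed "$verb" namespaces; then
      echo "ok    $GROUP can $verb namespaces"
    else
      echo "FAIL  $GROUP cannot $verb namespaces"
      failures=$((failures + 1))
    fi
  done
  # Must stay denied: anything beyond read-only namespace access
  # (constructed sample list, extend it for your cluster).
  while read -r verb resource; do
    if allowed "$verb" "$resource"; then
      echo "FAIL  $GROUP can $verb $resource (over-privileged)"
      failures=$((failures + 1))
    else
      echo "ok    $GROUP cannot $verb $resource"
    fi
  done <<'EOF'
create namespaces
delete namespaces
list pods
list secrets
EOF
  return "$failures"
}

# Run the checks only when invoked as: ./verify-binding.sh run
if [ "${1:-}" = "run" ]; then
  verify_binding
fi
```

A non-zero exit status is the number of checks that did not match, so the script can gate a pipeline stage after terraform apply.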
Source code link :- github.com/MahiraTechnology/Mahira-medium.git
Conclusion :-
In conclusion, crafting an EKS cluster role to facilitate namespace listing can significantly enhance your Kubernetes experience. By carefully defining the permissions and scope, you ensure that users and services can access the information they need without compromising security. Mastering EKS cluster roles empowers you to fine-tune your cluster’s access control, promoting efficiency and security in your Kubernetes operations. Whether you’re a Kubernetes enthusiast or an operations professional, this guide equips you with the knowledge to navigate the realm of EKS cluster roles with confidence.