Skip to content

3.6 - Lab 7

Objectives

  • Generate a kubeconfig file for the cluster
  • Create a RoleBinding to allow Developer access

Generate a KubeConfig File

  1. Using the terminal, navigate to the Workspace directory.

    cd ~/Workspace

  2. Verify that the cluster is running correctly.

    tanzu cluster get tkc-01

    The READY columns displays True.

  3. Generate a kubeconfig file for the cluster that does not have admin permissions.

    tanzu cluster kubeconfig get tkc-01 --export-file kubeconfig-developers.yaml

    NOTE:

    This kubeconfig file will be used in an upcoming lab to access the cluster as a developer user.

  4. Display the file contents to see the Pinniped configuration parameters.

    cat kubeconfig-developers.yaml

    Because --admin was not used, this kubeconfig file will redirect the user to Pinniped and authentication will be performed using LDAP.

Create Role Binding to Grant Developer Access

  1. Using the terminal, navigate to the Workspace directory.

    cd ~/Workspace

  2. Set the kubectl context to the tkc-01 cluster.

    kubectl config use-context tkc-01-admin@tkc-01

  3. Display the cluster role binding.

    cat ldap-group-role-binding.yaml

    The subjects field contains tkg-developers.

    The roleRef field contains cluster-admin.

    yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: developers-ldap-group subjects: - kind: Group name: tkg-developers apiGroup: "" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io

  4. Apply the cluster role binding.

    kubectl apply -f ldap-group-role-binding.yaml