Kubernetes python client: authentication issue

Question

We are using the kubernetes python client (4.0.0) in combination with google\'s kubernetes engine (master + nodepools run k8s 1.8.4) to periodically schedule workloads on ku

Answer 1

In order to authenticate to your API server, you can use Role Based Access Control (RBAC), which can define a series of roles to manage authentication and access to your API.

This is based on granting roles and cluster roles to different users or service accounts through the use of bindings. These roles include some rules that represent a set of permissions, and can be defined to act on a namespace (roles) or an entire cluster (cluster roles).

The first step to enable RBAC is to start your API server with the following option:

--authorization-mode=RBAC

You can define specific roles with the kubectl command. For example, if you want to grant an admin cluster role to a user (e.g. Bob) on a namespace (e.g. acme), you can use this command:

kubectl create rolebinding bob-admin-binding --clusterrole=admin --user=bob --namespace=acme

You can also define a cluster role for a user (e.g. root) to have admin privileges across an entire cluster:

kubectl create clusterrolebinding root-cluster-admin-binding --clusterrole=cluster-admin --user=root

If you want to use service accounts instead, you can use a command like this to grant roles to a service account:

kubectl create rolebinding my-sa-view  --clusterrole=view --serviceaccount=my-namespace:my-sa --namespace=my-namespace

You can check here for more information about RBAC, including all the possible roles and cluster roles you can grant to your user or service account.