From e103078eabcd288c1fa82962ddb82890190d7536 Mon Sep 17 00:00:00 2001
From: Sambo Chea
Date: Fri, 14 Jan 2022 10:33:35 +0700
Subject: [PATCH] Add mysql cluster operator and rbac in sample
---
mysql/mysql-cluster.yaml | 15 ++++++++
rbac/.gitignore | 1 +
rbac/README.md | 74 ++++++++++++++++++++++++++++++++++++++++
rbac/access.yaml | 43 +++++++++++++++++++++++
4 files changed, 133 insertions(+)
create mode 100644 mysql/mysql-cluster.yaml
create mode 100644 rbac/.gitignore
create mode 100644 rbac/README.md
create mode 100644 rbac/access.yaml
diff --git a/mysql/mysql-cluster.yaml b/mysql/mysql-cluster.yaml
new file mode 100644
index 0000000..bf2ca68
--- /dev/null
+++ b/mysql/mysql-cluster.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mysql
+---
+apiVersion: mysql.oracle.com/v2alpha1
+kind: InnoDBCluster
+metadata:
+ name: mysql-cluster
+ namespace: mysql
+spec:
+ secretName: mysql-secret
+ instances: 3
+ router:
+ instances: 1
diff --git a/rbac/.gitignore b/rbac/.gitignore
new file mode 100644
index 0000000..95d4193
--- /dev/null
+++ b/rbac/.gitignore
@@ -0,0 +1 @@
+developer-user.yaml
\ No newline at end of file
diff --git a/rbac/README.md b/rbac/README.md
new file mode 100644
index 0000000..06c48e0
--- /dev/null
+++ b/rbac/README.md
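Review bot: In mysql/mysql-cluster.yaml, `secretName: mysql-secret` points at a Secret that none of the four files in this commit creates or documents, so applying the sample as-is leaves the InnoDBCluster without credentials. I would add a comment above `spec:` such as `# requires Secret mysql-secret in namespace mysql (keys rootUser, rootHost, rootPassword per the MySQL Operator docs); create it out of band and keep it out of git`. Keeping the Secret manifest out of the repository is the right call; the gap is only that the prerequisite is not stated.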
@@ -0,0 +1,74 @@
+# Create RBAC for specific namespace
+
+- Apply RBAC for specific namespace
+
+```shell
+k apply -f access.yaml
+```
+
+- Get Details of RBAC
+
+```shell
+k describe sa developer -n developer-dev
+```
+
+- Get Token from RBAC
+
+```shell
+k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
+```
+
+- Get Certificate from RBAC
+
+```shell
+k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
+```
+
+- Create kube config file
+
+```yaml
+apiVersion: v1
+kind: Config
+preferences: {}
+ cluster:
+ certificate-authority-data: PLACE CERTIFICATE HERE
+ server: https://YOUR_KUBERNETES_API_ENDPOINT
+ name: developer-cluster
+
+users:
+ - name: developer
+ user:
+ as-user-extra: {}
+ client-key-data: PLACE CERTIFICATE HERE
+ token: PLACE USER TOKEN HERE
+
+contexts:
+ - context:
+ cluster: kubernetes
+ namespace: developer-dev
+ user: developer
+ name: developer-dev
+
+current-context: developer-dev
+clusters:
+ - cluster:
+ certificate-authority-data: PLACE CERTIFICATE HERE
+ server: https://YOUR_KUBERNETES_API_ENDPOINT
+ name: developer-cluster
+
+users:
+ - name: developer
+ user:
+ as-user-extra: {}
+ client-key-data: PLACE CERTIFICATE HERE
+ token: PLACE USER TOKEN HERE
+
+contexts:
+ - context:
+ cluster: kubernetes
+ namespace: developer-dev
+ user: developer
+ name: developer-dev
+
+current-context: developer-dev
+```
diff --git a/rbac/access.yaml b/rbac/access.yaml
new file mode 100644
index 0000000..d3ebbfe
--- /dev/null
+++ b/rbac/access.yaml
@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app: developer-dev
+ name: developer-dev
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: developer
+ namespace: developer-dev
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: developer-full-access
+ namespace: developer-dev
+rules:
+ - apiGroups: ["", "extensions", "apps"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["batch"]
+ resources:
+ - jobs
+ - cronjobs
+ verbs: ["*"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: developer-view
+ namespace: developer-dev
+subjects:
+ - kind: ServiceAccount
+ name: developer
+ namespace: developer-dev
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: developer-full-access
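Review bot: The `developer-full-access` Role grants `verbs: ["*"]` on `resources: ["*"]` in the core, `extensions` and `apps` groups, which inside `developer-dev` covers reading every Secret (including other ServiceAccount tokens) and `pods/exec`, not only managing workloads. Since the README in this commit distributes this account's token in a kubeconfig, I would enumerate what developers actually need, for example `resources: ["pods", "pods/log", "services", "configmaps", "deployments", "replicasets", "statefulsets"]`, and grant `secrets` in a separate rule only if it is required. The RoleBinding is named `developer-view` although it binds the full-access Role; `name: developer-full-access` would keep a review of bindings from being misread. The `extensions` group presumably no longer serves these workload types on current clusters and could be dropped from `apiGroups`.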