Curious Normy:
Hi All,
I have a question regarding RBAC, for RoleBinding resource, we need to specify the user name. The user name is the CN defined in the public certificates of the user (e.g. CN=dev-user) right? OR is it user name defined in the kube config?
Also when we are referring to User resource, which one are we referring to? Any commands to check all the User resources?
Tej_Singh_Rana:
Hello, @Curious Normy
> we need to specify the user name. The user name is the CN defined in the public certificates of the user (e.g. CN=dev-user) right? OR is it user name defined in the kube config?
I think User object created from below command is important in RoleBinding resource*,*
$ kubectl config set-credentials user1 --client-certificate=demo.crt --client-key=demo.key --embed-certs=true
Curious Normy:
Thank you for the help Tej!
It seems that the User object referenced in RoleBinding object is the CN specified in the public certificate of the user (i.e. CN=bob in public certs indicates the username used in RoleBinding while the user name in kube config could be arbitrary and only used in kubeconfig context). I tested this using minikube since minikube API server uses RBAC
One way to view all users is by using kubectl get csr
provided that users are created by creating CSR object