create kubeconfig with limit access using service account in kubernetes

0
1

halo sobat sekolahlinux, kali ini saya mau share tentang bagaimana membuat kubeconfig namun dengan limitasi limitasi tertentu, jadi jika ada developer yang ingin meminta akses ke k8s production tapi kita hanya ingin memberikan diaakses ke spesific namespace tertentu kita bisa menggunakan cara dibawah ini, yuk mari kita mulai tutorialnya

pertama kita akan membuat serviceaccount terlebih dahulu

apiVersion: v1
kind: ServiceAccount
metadata:
  name: sekolahlinux-sa
  namespace: kube-system

setelah itu kita akan membuat role & cluster role, untuk list apigroups, resources, verbs nya kamu bisa lihat disini:

clusterrole

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: sekolahlinux-clusterrole
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "services", "namespaces", "nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployment"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
    verbs: ["get", "list", "watch"]

role

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sekolahlinux-role
  namespace: production
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "namespaces", "nodes"]
    verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployment"]
    verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["create", "get", "update", "list", "watch", "patch", "delete"]

clusterrolebinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: sekolahlinux-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: sekolahlinux-sa
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: sekolahlinux-clusterrole
  apiGroup: rbac.authorization.k8s.io

rolebinding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sekolahlinux-rolebinding
  namespace: production
subjects:
  - kind: ServiceAccount
    name: sekolahlinux-sa
    namespace: kube-system
roleRef:
  kind: Role
  name: sekolahlinux-role
  apiGroup: rbac.authorization.k8s.io

jika sudah selanjutkan kita akan melihat isi dari secret yang di generate secara otomatis ketika membuat serviceaccount, yaitu dengan cara seperti dibawah

sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get secret -n production
NAME                            TYPE                                  DATA   AGE
sekolahlinux-sa-token-mc9ks     kubernetes.io/service-account-token   3      6s

selanjutnya describe secret sekolahlinux-sa-token-mc9ks untuk melihat tokennya

Name:         sekolahlinux-sa-token-9qcgk
Namespace:    production
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: sekolahlinux-sa
              kubernetes.io/service-account.uid: 22c25c80-b1c0-4780-9317-2927b7054148

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg

selanjutnya kita coba mendapatkan informasi tentang server cluster k8s yang sedang berjalan dengan command ini

sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl config view --flatten --minify
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://192.168.99.101:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01USXhNREUwTURZME1Wb1hEVEl4TVRJeE1URTBNRFkwTVZvd01URVhNQlVHQTFVRQpDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGakFVQmdOVkJBTVREVzFwYm1scmRXSmxMWFZ6WlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQTJhbHl1VW1qZzhseE9XSlVNeSsxSFlsNGJEdW8Kc0dkdU9pQ2ljNVRJYjlqd21IeWwzMFNjUkRyRjVBZ2tPb0dBYk5CdkM2YkhhNU44UTNEdXRydGprK3FwRUd0cQpFNStPZmQwb3lEVmYwRFMvYjFoejF4ZDNEei9ZZVo1NEl3UFVNa1JzdTVXQ1FuRTBSaEFwYXRPK3loTTNxcGlrCkdnTitNQnFLdy8zVUxoVGRhcXk4MEtJcCsvaFQvNVFubGlDeTlMR1ZqeE90ZXEyYTY0NVpoeThxOUNHa01WZlYKbGlNMDFHemsyOEpKTFZEQ21GQStnY2JmdnBuMXJUZUtvMlpWTzRmQWxGZTVIZ3NseGdwa0xkMGlCdUFTektsawpmQXBRNFRUNlE5Q1dpNGVpUVZnb3EvbG1ET1FmbDc5ZG1pSGNoSUR4Szk5LzFPVmpyNnVJNGh3RkFnTUJBQUdqClB6QTlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBaDU2cWNjRWJKeVdjNVQ3NgozVTdieDJSQ3VORXQ3bUpvNStmdVdXQmN6VG9xWmliNjc4S1dWdDVkT05ITGN5bjQyT3A1b2plV3Z2UVZaS3RHCjlRelVWcVQrV0NqMG1ZRm5RR05qRHFyUXFUZGVROEI0Y2VEZ3F0VEFqbTkyeW0vVjdXTzZqeWR6SnRkOTJzS28Kek9NT05pcmp5bkgzT0QxZlJwUk0wYkZHU0ZpVDdTVjU2WDZ3bkxmNTlVcUh0ZWpkeGdjOGN1eVRIT3YxV2xiNgpiOTJxa0daVXg5dFlGVm1Fb2ExdWM1TERrOHVyMUdBUlg0ZHU4VndCd3cxQ3FYQWsyMmxISVFCZVg2b3FCaVdoCjJwUy9yL2ZIMkN1RzJaOTk3eGVkMnRwVS9teWo5QSs2Y2loeXhVcCtuTWN5aTE2OE5RWGcrQTlNK3g3OHlyUHQKM09FMjJ3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd05tcGNybEpvNFBKY1RsaVZETXZ0UjJKZUd3N3FMQm5iam9nb25PVXlHL1k4Smg4CnBkOUVuRVE2eGVRSUpEcUJnR3pRYnd1bXgydVRmRU53N3JhN1k1UHFxUkJyYWhPZmpuM2RLTWcxWDlBMHYyOVkKYzljWGR3OC8ySG1lZUNNRDFESkViTHVWZ2tKeE5FWVFLV3JUdnNvVE42cVlwQm9EZmpBYWlzUDkxQzRVM1dxcwp2TkNpS2Z2NFUvK1VKNVlnc3ZTeGxZOFRyWHF0bXV1T1dZY3ZLdlFocERGWDFaWWpOTlJzNU52Q1NTMVF3cGhRClBvSEczNzZaOWEwM2lxTm1WVHVId0pSWHVSNExKY1lLWkMzZElnYmdFc3lwWkh3S1VPRTAra1BRbG91SG9rRlkKS0t2NVpnemtINWUvWFpvaDNJU0E4U3ZmZjlUbFk2K3JpT0ljQlFJREFRQUJBb0lCQVFDTll3Y0lSUy9uNGNiZQphK1BiTjJ2U3JVVU1OTTNJYnd4bGs5ZzVRZVBpejUyTlJ6NmJuWVQvekVZS3I1UUllNXhXTzNEVStRWGRUdEZpCldVK0N0QlhPZTdPZkg1cWd1cUpRSlpidlAxbGlWWk5XaHB1aTBoOHgrc3drT1lZbExnYXdtK251amRpZkYzZEgKaTladGh4U1czREFhcjhnWkI3bG4ybnliSC9ZSWlEa1JTUCtvVnFuckIreFhnQkVobk8ycXNabjZUWGluSWVPaQppTzhxWTZPNDFrQlFrRHBGWnNwbk9wbFpkeTB1MmttMUVrbnZpbERXbE4xbmVGSU9KTWFZMC96eTUzWkpDY3lUCjI0YWtrTGsrWDZlUkVVSGc1WFFnTlFrNGEzaXYzbUpPYm9JY05ZTjRSU1ZnTWl6OEV2MjN5bThTV2xOLzBSeWEKSE5Qamgzd0JBb0dCQVBTMk54Tmp2K2J3b3hydWkybXp0RXRZdkVQUUFDdks2TTNzR2tpSzRqRnorTUxMTXZuUgpVdWRDamIvSGgxeFpKL1pIZG8xVHdZV1lYTmRlTHFLNjVGOGtyZE5WUGVNL0lkVC9weW5kZUFGZE9XelVDWHNLCnlmSGpEOWVCTExwUW1CMm9tZVhGSkdOTFZEY2p2NzJGanJxVExHUi9IZklSOXJuekJ2RWxrNVMxQW9HQkFNbS8KQkhPcFFBZ3hxanpLdjJUV3NlMkZzMnE1ZjZGeUVra0dwQ3JaNGQ1RzZhem1DSi9pS0dIT25hQk9RbUFiekhLRwpQRWRoL1l2ZHVxY1RmL3JScTZiSmJxVElQQkI2VTJQd2lxanhxRkRSdG55ZVhSK1hTbjREdUd3bU5EeG5hbWlnCjBqME5OOHU4dTJxTUN4WDR4Nm9RUlJCeFVvVmZXZUk4eHl3Ylljd1JBb0dBUlpuTjhHWGVud0N5WTJhVm9Hck0KVE9IZ0tpbHU0d1hEVVU1bDYxd1ZHWnV5bFRUV090ZWVqTWdSS1FySEpTejJnTVd5b2wvQUd3OUsyTGFnN1FmYgpESFNTUEJseWtML1VENURuS3JFakFNQlRKUERxQVdVQUt4dzUxVUdZUnlYRkhpcG1HMFFISlhhM2JUZHR3YW5LCi9xWDlhbGY5WEd4ZmtHUGZCWmQ2Y2tFQ2dZQXVrMVRaeHVjcmZSdktNUnlDa1RZK21iRlVJRU1nNkk3a0lRNWgKZmkrdyt6b1RXbi8vT1YwTlI0QUlkRWpLbTJCVnlEdStWeGNMNVVLa005SkYrNFhmV1gyYnVVWjBuMmtGRjVGTApjNDdpS2FneG1QWHl4eURCZXVabXdXTXAxczR3SFlDcjY1TklDK2hRcnNnWWFIamdBQ1dScURmZTVxWi9ubngwCjZGVnBvUUtCZ0JCOS9ESnhqZ2k3UmcwNWFiSGlLNlFvemcwV0l4VWZueVludVJ6bWRyN0gybHJPWjNsNVhtV2oKbmJLM2JER2FMTW5uK05acjlzd1kvK1JpRkozaDlSUTFlQ0kwMG03M09xUVZXRGFTV0dJbFE4M2ZRVFA5bkhMTgplTTFjanJ6clJDTmlWeHJIYmQyN29qZGhWdjlOcklCM1pxampMd3hUOE1ZY3l4SEQ5V3dvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

dari hasil describe secret dan juga kubectl config view diatas maka kita dapat mengambil data-data seperti dibawah ini

  • cluster-name:
minikube
  • certificate-authority-data:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  • server-address:
https://192.168.99.101:8443
  • token-user-sekolahlinux-sa
eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg

berdasarkan point-point dari informasi diatas maka kita akan membuat file kube config yang isinya kurang lebih dan jika kita gabungkan akan menjadi seperti dibawah ini, disini saya memberi nama filenya kubeconf.yaml

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwdGFXNXAKYTNWaVpVTkJNQjRYRFRJd01EZ3hPREE1TXpNeE5Wb1hEVE13TURneE56QTVNek14TlZvd0ZURVRNQkVHQTFVRQpBeE1LYldsdWFXdDFZbVZEUVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBS0RSCkw4Y1VvWG00cEdMZzdLMzlxeDRNem1YODhrUHkxVnp5bXMzM2Rrd1FMYnZyMkFxSXpTQUNLeUl4R1JxNGYzeVUKMW5tY2RxanIydnU0K3diU1VsbURUZFdTWDNmZ2F5UG5iOWoxS0dkblA4UG4vWEh0dVdtcDFXNnk0VDlQTmR1YwpucEpXaG5ySDFwMjN1NmU5RGpYUjZ2UzhIN1RYVFdBTmdqRE5PcURDMnpIazJTU0tTR0cxYUErWDdiaThXQW4yCi9hTUw0cTFFOFNoT3kzMXZmcUJ6eGRjdUJLR2VyMGxsVDc0UFBqdTVhQjkraGJ6Y2xMNFFqMHJ0Mitrd3Jla00KM3pEaXJzdVRNVHRGREljUWRuZ25ydEVKVWJCZjl5cDF0cTdMdUFLSzNLMmFmN0RGcWlMOWh1ZmhYKzFWZzEzSAo2ZjBkWUJxWnU1Skt1Ym42TnJVQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXCk1CUUdDQ3NHQVFVRkJ3TUNCZ2dyQmdFRkJRY0RBVEFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCMXBpQkpWUG51VHQwSi9hUUVUQWlMSCtXODRUQ3Qwc2VEVHZ6NG9FTExvTEh4cS9VVwoxcFR4S1p3bEt0UW83RHd4eUQwb1ozNnU4elRuODJobmRWYmF4Qld4Q3Btbms1RDJocE9TbnVLU0c3cnhEeE5WCnB5YjNXekhBc2RSRVBtMkZWZFpFb3ExZW52Zk14bmJ1Q2pTcjdzNS9aYUpxM3QxZmtSdmNrWWQycXNoazhtY2EKK3pOV2FZRVNSUGdUblZNS2RUNDZWa2paaVdwT3pjSlJsUXBwU05Oa05VUCs5SHczY0gwZUcvQW9vMU5QcXdRdQpiMWdGYkFJUHhBTGlCRXFtLzY0aS9rOG8xNmQ2aXBGSkU3WHVSdnBZbkF0OXM5Sy84U29HakRBS2tyUnlxQ2J3CnVWZWdoZnZkWjFtQ0hWMk5MRHVxTmF0anUra0lJWGNBR3BnZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://192.168.99.101:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: sekolahlinux-sa
  name: minikube
current-context: minikube
kind: Config
users:
- name: sekolahlinux-sa
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImVfdldmcFluX0FCQVc0MllkcHdaU3N1dlZaaEI3VElFVHVfQTBUbUdFT3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFrYmFyLXNhLXRva2VuLTlxY2drIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFrYmFyLXNhIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjJjMjVjODAtYjFjMC00NzgwLTkzMTctMjkyN2I3MDU0MTQ4Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWtiYXItc2EifQ.b04V0Am3UmGe0tKFzwb68S49AarNgFshvnsLz_dBPOJjcz6n_5DRWa0xNBBesUZY_ReAjs70yjswX2iIMSvaUEO7cXSCWxuQoh37JOXDN--TP_gXqIyfa3SWkdPM470TRoKU2uu3KxX0tTbPtS4MxlRUfxOOs4KEPVBfhXBhIoK2eAqUFIdXEOnBvhHvx92eQSH-9UDa77xHwH9yjUOqD8dsZ-p09KYH9id7Dt1YcL1CjNfWUrKV-NkzXLrCQaIkol-jvw_0qTUEwh9eSMD7uXWvi8ma0KPqAqExm1pMllM3z7BAgy01n3XeaGQf3Fwabn-0SozEO0PbKO_ENd6Dxg

selanjutnya kita akan test file kube config diatas menjadi seperti dibawah ini, jika kita melakukan get pods pada namespace production maka akan mendapatkan output seperti dibawah ini

sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n production --kubeconfig kubeconf.yaml
NAME                 READY   STATUS    RESTARTS   AGE
nginx-sekolahlinux   1/1     Running   0          3m55s

dan jika kita melakukan get pods pada namespaces selain namespace production, misalnya ke namespace kube-system maka akan mendapatkan output seperti dibawah ini

sekolahlinux@sekolahlinux:~/belajar/kubeconfig$ kubectl get pods -n kube-system --kubeconfig kubeconf.yaml 
Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:akbar-sa" cannot list resource "pods" in API group "" in the namespace "kube-system"

nah sekian tutorial kali ini, semoga bermanfaat, jika ada yang kurang dipahami jangan sungkan bertanya ya, selamat mencoba 😀

LEAVE A REPLY

Please enter your comment!
Please enter your name here