{"id":19044468,"url":"https://github.com/tilt-dev/k8s-rbac-testing","last_synced_at":"2025-04-23T23:27:35.268Z","repository":{"id":105912944,"uuid":"190212202","full_name":"tilt-dev/k8s-rbac-testing","owner":"tilt-dev","description":"Shell scripts for help automating rbac setup","archived":false,"fork":false,"pushed_at":"2020-06-12T13:25:32.000Z","size":26,"stargazers_count":8,"open_issues_count":0,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-18T07:52:08.198Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tilt-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-06-04T13:56:18.000Z","updated_at":"2020-09-18T15:14:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"ff88c560-843f-4d8f-85cb-93c9077cc2fe","html_url":"https://github.com/tilt-dev/k8s-rbac-testing","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilt-dev%2Fk8s-rbac-testing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilt-dev%2Fk8s-rbac-testing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilt-dev%2Fk8s-rbac-testing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tilt-dev%2Fk8s-rbac-testing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tilt-dev","download_url":"https://codeload.github.com/tilt-dev/k8s-rbac-testing/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250530977,"owners_count":21445896,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T22:46:24.430Z","updated_at":"2025-04-23T23:27:35.257Z","avatar_url":"https://github.com/tilt-dev.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes RBAC Testing\n\nShell scripts for help automating RBAC setup on test Kubernetes clusters\n\nThe primary purpose is to create:\n- a service account\n- a namespace\n- RBAC rules that restrict the service account to only read/write to that namespace\n- RBAC rules that let the service account read Node information\n- a kubeconfig for the service account\n\n## Usage:\n\n```\n$ ./create-restricted-namespace.sh [namespace]\n```\n\nCreates a kubeconfig with a token for authentication. Instructions on how\nto use the kubeconfig will be printed to stdout.\n\nReal, production auth systems use short-lived tokens that need to be refreshed\nperiodically (e.g., aws-iam-authenticator). If you'd like to simulate that flow,\nuse the `-e` option to create a fake auth script with rotate-able tokens.\n\n```\n$ ./create-restricted-namespace.sh -e [namespace]\n```\n\nInstructions on how to rotate the token will be printed to stdout.\n\n## QA\n\nVerified working on\n- [Minikube](https://github.com/kubernetes/minikube)\n- [KIND (Kubernetes IN Docker)](https://github.com/kubernetes-sigs/kind)\n- [Docker For Desktop (Docker for Mac)](https://www.docker.com/products/docker-desktop)\n- [microk8s](https://microk8s.io/) - with Microk8s 1.15+, when you run `microk8s.enable rbac`\n\nWon't work with:\n- [kubeadm-dind-cluster](https://github.com/kubernetes-sigs/kubeadm-dind-cluster) - Configured to use the insecure API endpoint by default\n\n## Credits\n\nThanks to:\n\n- [The Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n- [Kubernetes and RBAC: Restrict User Access to One Namespace by Jeremie Vallee](https://jeremievallee.com/2018/05/28/kubernetes-rbac-namespace-user.html)\n- [Debugging help from Guillaume Rose](https://github.com/docker/for-mac/issues/3694)\n\n## License\n\nCopyright 2019 Windmill Engineering\n\nLicensed under [the Apache License, Version 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftilt-dev%2Fk8s-rbac-testing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftilt-dev%2Fk8s-rbac-testing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftilt-dev%2Fk8s-rbac-testing/lists"}