Configure Users, Groups, and Authorization¶
You can create a user, and optionally one or more groups that the user is a member of, in your Windows Active Directory server.
About this task
The example below is for a testuser user who is a member of the, billingDeptGroup, and managerGroup groups. See Microsoft documentation on Windows Active Directory for additional information on adding users and groups to Windows Active Directory.
Use the following procedure to configure the desired authorization on StarlingX for the user or the user’s group(s):
Procedure
In StarlingX, bind Kubernetes RBAC role(s) for the testuser.
For example, give testuser admin privileges, by creating the following deployment file, and deploy the file with kubectl apply -f <filename>.
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: testuser-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: testuser
Alternatively, you can bind Kubernetes RBAC role(s) for the group(s) of the testuser.
For example, give all members of the billingDeptGroup admin privileges, by creating the following deployment file, and deploy the file with kubectl apply -f <filename>.
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: testuser-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - apiGroup: rbac.authorization.k8s.io kind: Group name: billingDeptGroup