Configure Users, Groups, and Authorization

You can create a user, and optionally one or more groups that the user is a member of, in your Windows Active Directory server.

About this task

The example below is for a testuser user who is a member of the billingDeptGroup and managerGroup groups. See Microsoft documentation on Windows Active Directory for additional information on adding users and groups to Windows Active Directory.

Use the following procedure to configure the desired authorization on StarlingX for the user or the user’s group(s):

Procedure

  1. In StarlingX, bind Kubernetes RBAC role(s) for the testuser.

    For example, to give testuser admin privileges across the whole cluster (the cluster-admin ClusterRole), create the following deployment file and deploy it with kubectl apply -f <filename>.

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
     name: testuser-rolebinding
    roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
    subjects:
    - apiGroup: rbac.authorization.k8s.io
      kind: User
      name: testuser
    

    Alternatively, you can bind Kubernetes RBAC role(s) for the group(s) of the testuser.

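    For example, to give all members of the billingDeptGroup admin privileges across the whole cluster, create the following deployment file and deploy it with kubectl apply -f <filename>. This file reuses the name testuser-rolebinding, so applying it after the user binding above replaces that binding's subjects; use a different metadata name if you want both bindings to exist.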

    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
     name: testuser-rolebinding
    roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
    subjects:
    - apiGroup: rbac.authorization.k8s.io
      kind: Group
      name: billingDeptGroup
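
The bindings above grant cluster-admin, which covers every resource in every namespace. As an added example (not part of the StarlingX documentation), the following manifest binds billingDeptGroup to a namespaced Role instead; the namespace billing, the object names, and the chosen resources and verbs are assumptions for illustration.

```yaml
# Added example: a scoped alternative to cluster-admin for billingDeptGroup.
# Assumptions: namespace "billing" already exists; names below are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: billing-app-operator
  namespace: billing
rules:
# Read-only visibility into workloads and their configuration.
# Secrets are deliberately left out of this rule.
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps"]
  verbs: ["get", "list", "watch"]
# Allow rollouts of existing deployments, but not create or delete.
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: billingdept-app-operator
  namespace: billing
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: billing-app-operator
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  # Must match the group name presented at authentication exactly;
  # RBAC subject names are compared as case-sensitive strings.
  name: billingDeptGroup
```

After applying it, kubectl auth can-i get pods -n billing --as testuser --as-group billingDeptGroup should answer yes, while the same query for get secrets should answer no.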