Grant user access to namespace

Granting a user access to a particular namespace is done by creating a role-binding between the username and the role openstackuser-role which is created with the namespace.

First, as k8s admin check that the role is present in the namespace:

$ kubectl get roles -n $NAMESPACE
  NAME                 AGE
  openstackuser-role   19h

Now edit the following file which describes the rolebinding:

$ cat user_grant_namespace.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
    name: openstackuser-$OPENSTACK_USERNAME-rb
    namespace: $NAMESPACE
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: openstackuser-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: $OPENSTACK_USERNAME

where $OPENSTACK_USERNAME is the user’s username in the OpenStack environment and $NAMESPACE is the target namespace.

Now issue the following command:

$ kubectl create -f rb_user_grant_namespace

The use has access to $NAMESPACE!