diff --git a/.infrastructure/security/rbac.yml b/.infrastructure/security/rbac.yml
new file mode 100644
index 0000000..b13b5b6
--- /dev/null
+++ b/.infrastructure/security/rbac.yml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: secrets-reader
+ namespace: todoapp
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: todoapp
+ name: secret-list-role
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "pods"]
+ verbs: ["watch", "get", "list"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: secret-list-role-binding
+ namespace: todoapp
+subjects:
+ - kind: ServiceAccount
+ name: secrets-reader
+roleRef:
+ kind: Role
+ name: secret-list-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/README.md b/README.md
index e876337..64c8c3f 100644
--- a/README.md
+++ b/README.md
@@ -43,3 +43,34 @@ Now you can browse the [API](http://localhost:8000/api/) or start on the [landin
 1. Make a screenshot of the output and attach it to the PR
 1. `README.md` should have instructuions on how to validate the changes
 1. Create PR with your changes and attach it for validation on a platform.
+
+
+## Steps to Deploy
+
+1.Use kind to create a Kubernetes cluster:
+```
+kind create cluster --config=cluster.yml
+```
+
+2.Deploy bootstrap.sh
+```
+bash bootstrap.sh
+```
+
+3. Access the Pod's Shell:`
+```
+kubectl exec -it -n todoapp -- sh
+```
+
+4. Set Up the Necessary Variables:
+```
+APISERVER=https://kubernetes.default.svc
+SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
+TOKEN=$(cat ${SERVICEACCOUNT}/token)
+CACERT=${SERVICEACCOUNT}/ca.crt
+```
+
+5. Execute the Curl Command to List Pods
+```
+curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/todoapp/secrets
+```
diff --git a/bootstrap.sh b/bootstrap.sh
index 2d534d7..8442208 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
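Review bot: The single rule in `secret-list-role` (`.infrastructure/security/rbac.yml`) grants `secrets-reader` the verbs `get`, `list` and `watch` on every Secret in `todoapp`, so any pod running under that service account can read all secret values in the namespace with its mounted token. If the workload only needs particular secrets, give pods their own rule and scope the secrets rule, e.g. `resources: ["secrets"]`, `resourceNames: ["<secret-name-placeholder>"]`, `verbs: ["get"]`. `list` and `watch` return full secret data, so drop them unless they are actually required. The RoleBinding subject also omits `namespace: todoapp`; stating it explicitly makes it unambiguous which service account is bound.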
@@ -1,4 +1,6 @@
 #!/bin/bash
+kubectl apply -f .infrastructure/security/rbac.yml
+
 kubectl apply -f .infrastructure/mysql/ns.yml
 kubectl apply -f .infrastructure/mysql/configMap.yml
 kubectl apply -f .infrastructure/mysql/secret.yml
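Review bot: `kubectl apply -f .infrastructure/security/rbac.yml` now runs as the first command, but every object in that manifest is namespaced to `todoapp` and nothing before it in this hunk creates that namespace. On a fresh cluster the apply would presumably fail with a namespace-not-found error. Since the visible lines show no `set -e`, the script would carry on and leave the ServiceAccount, Role and RoleBinding missing without stopping. Move the line to after the manifest that creates `todoapp` (likely further down, outside this hunk) and consider adding `set -euo pipefail` after the shebang so a failed apply aborts the bootstrap.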