Is there a way to prevent kubectl from de-registering kubernetes nodes?

0 votes

I was testing some commands and I ran

$ kubectl delete nodes --all

and it de-registers all the nodes, including the masters. Now I can't connect to the cluster (well, obviously, as the master is deleted).

Is there a way to prevent this as anyone could accidentally do this?

Extra Info: I am using KOps for deployment.

P.S. It does not delete the EC2 instances, and the nodes come up on doing an EC2 instance reboot on all the instances.

Aug 29, 2018 in AWS by bug_seeker
• 14,970 points
21 views

1 answer to this question.

0 votes

By default, you are using something like a superuser who can do anything he wants with a cluster.

To limit access to a cluster for other users, you can use RBAC authorization. With RBAC rules you can manage access and limits per resource and action.

In a few words, to do that you need to:

  1. Create a new cluster with Kops using --authorization RBAC, or modify an existing one by adding the 'rbac' option to the 'authorization' section of the cluster's configuration:

     authorization:
       rbac: {}

  2. Now we can follow that instruction from Bitnami to create a user. For example, let's create a user who has access only to the office namespace and only for a few actions. So, we need to create a namespace first:

     kubectl create namespace office

  3. Create a key and certificates for the new user:

     openssl genrsa -out employee.key 2048
     openssl req -new -key employee.key -out employee.csr -subj "/CN=employee/O=bitnami"

  4. Now, using your CA authority key (it is available in the S3 bucket under PKI), we need to approve the new certificate:

     openssl x509 -req -in employee.csr -CA CA_LOCATION/ca.crt -CAkey CA_LOCATION/ca.key -CAcreateserial -out employee.crt -days 500

  5. Create the credentials:

     kubectl config set-credentials employee --client-certificate=/home/employee/.certs/employee.crt --client-key=/home/employee/.certs/employee.key

  6. Set the right context:

     kubectl config set-context employee-context --cluster=YOUR_CLUSTER_NAME --namespace=office --user=employee

answered Aug 29, 2018 by Priyaj
• 56,120 points
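
The steps in the answer stop before the new user is granted any permissions. As an added example (not part of the original answer), the manifest below binds the employee user to a Role in the office namespace; the role name, resource list and verbs are assumptions chosen for illustration. A Role is namespaced and nodes are cluster-scoped, so nothing in it can authorize kubectl delete nodes.

```yaml
# Added example: namespaced permissions for the user created in the answer.
# Role name, resources and verbs are assumptions chosen for illustration.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: office
  name: office-workloads            # hypothetical name
rules:
  # Workload objects only. A Role is namespaced, so it cannot grant
  # access to cluster-scoped resources such as nodes.
  - apiGroups: ["", "apps"]
    resources: ["pods", "deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: office
  name: office-workloads-employee   # hypothetical name
subjects:
  # Must match the CN in the client certificate (-subj "/CN=employee/...").
  - kind: User
    name: employee
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: office-workloads
  apiGroup: rbac.authorization.k8s.io
```

Once a cluster admin has applied it with kubectl apply -f, running kubectl auth can-i delete nodes --as employee checks whether that user is allowed to remove nodes.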
