AppsCode
  • KubeDB

    Run Production-Grade Databases on Kubernetes

    arrow_forward
    Stash

    Backup and Recovery Solution for Kubernetes

    arrow_forward
    KubeVault

    Run Production-Grade Vault on Kubernetes

    arrow_forward
    Voyager

    Secure HAProxy Ingress Controller for Kubernetes

    arrow_forward
    KubeDB

    KubeDB simplifies Provision, Upgrade, Scaling, Volume Expansion, Monitor, Backup, Restore for various Databases in Kubernetes on any Public & Private Cloud

    • task_altLower administrative burden
    • task_altNative Kubernetes Support
    • task_altPerformance
    • task_altAvailability and durability
    • task_altManageability
    • task_altCost-effectiveness
    • task_altSecurity
    Stash

    A complete Kubernetes native disaster recovery solution for backup and restore your volumes and databases in Kubernetes on any public and private clouds.

    • task_altDeclarative API
    • task_altBackup Kubernetes Volumes
    • task_altBackup Database
    • task_altMultiple Storage Support
    • task_altDeduplication
    • task_altData Encryption
    • task_altVolume Snapshot
    • task_altPolicy Based Backup
    KubeVault

    KubeVault is a Git-Ops ready, production-grade solution for deploying and configuring Hashicorp's Vault on Kubernetes.

    • task_altVault Kubernetes Deployment
    • task_altAuto Initialization & Unsealing
    • task_altVault Backup & Restore
    • task_altConsume KubeVault Secrets with CSI
    • task_altManage DB Users Privileges
    • task_altStorage Backend
    • task_altAuthentication Method
    • task_altDatabase Secret Engine
    Voyager

    Secure HAProxy Ingress Controller for Kubernetes

    • task_altHTTP & TCP
    • task_altSSL
    • task_altPlatform support
    • task_altHAProxy
    • task_altPrometheus
    • task_altLet's Encrypt
  • Guard

    Kubernetes Authentication WebHook Server

    • task_altIdentity Providers
    • task_altCLI
    • task_altRBAC
    Kubed

    Kubernetes cluster manager daemon

    • task_altDisaster Recovery
    • task_altEvent Forwarder
    • task_altConfiguration Syncer
    • task_altRecycle Bin
    • task_altEvent Notifiers
    • task_altJanitor
  • Webinar New
Swift
github-icon twitter-icon
TRY NOW FREE

We use cookies and other similar technology to collect data to improve your experience on our site, as described in our Privacy Policy.

Using RBAC with Swift

This tutorial will show you how to use Swift in a RBAC enabled cluster.

Before You Begin

At first, you need to have a RBAC enabled Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube. To create a RBAC enabled cluster using MiniKube, follow the instructions below:

  • If you are currently running a Minukube cluster without RBAC, delete the cluster. This will delete any objects running in the cluster.
minikube delete
  • Now, create a RBAC cluster with RBAC enabled.
minikube start --extra-config=apiserver.Authorization.Mode=RBAC
  • Once the cluster is up and running, you need to set ServiceAccount for the kube-dns addon to successfully run it.
# Wait for kube-dns deployment to be created.
$  kubectl get deployment -n kube-system --watch

# create kube-dns ServiceAccount
$ kubectl create serviceaccount kube-dns -n kube-system

# Patch kube-dns Deployment to set service account for pods.
$ kubectl patch deployment kube-dns -n kube-system -p '{"spec":{"template":{"spec":{"serviceAccountName":"kube-dns"}}}}'

# Wait for kube-dns pods to start running
$ kubectl get pods -n kube-system --watch

$ kubectl version --short
Client Version: v1.7.6
Server Version: v1.7.5

Deploy Tiller

Now, install Tiller server in your cluster following the commands below.

$ kubectl create serviceaccount tiller --namespace kube-system
$ kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
$ helm init --service-account tiller

$ helm version --short
Client: v2.7.0+g08c1144
Server: v2.7.0+g08c1144

Consult Tiller and Role-based Access Control for other configurations.

Deploy Swift

Now deploy Swift with necessary RBAc permissions using the following command:

curl -fsSL https://raw.githubusercontent.com/appscode/swift/v0.12.1/hack/deploy/swift.sh | bash

To check if Swift proxy pods have started, run the following command:

kubectl get pods --all-namespaces -l app=swift --watch

Once the proxy pods are running, you can cancel the above command by typing Ctrl+C.

Test Swift

To test Swift server, let’s deploy a test chart included in this repo:

helm install test/hello --name=tester
helm ls

Now, to expose Swift proxy using a NodePort service, run the following command:

kubectl patch svc swift -n kube-system -p '{"spec":{"type":"NodePort"}}'

Find out the ip address for the minikube cluster.

$ minikube ip
192.168.99.100

Now, open your browser and go to the following URL: http://{minikube-ip}:{9855-nodeport}/tiller/v2/releases/json.

release-list

Cleaning up

If you would like to uninstall Swift proxy, please follow the steps here.

What's on this Page

Search
Improve This Page