680b7b9bf8
We do not want to pass the admin kubeconfig to the customers. It's extremely hard to revoke the access of an admin kubeconfig and we would need to rotate the cluster's CA to do that. But with RBAC tokens, we can easily reovke accesss by deleting the secret or SA. So for now we will create a SA, ClusterRolebinding and secret for creating a RBAC token and then passing the customers a kubeconfig with that. We will use the cluster-admin ClusterRole to give enough access to the customer to do whatever they want.
1.0 KiB
1.0 KiB