Day 27 Project: RBAC and Network Policies in Minikube

Arbythecoder - Sep 10 - Dev Community

This guide walks you through implementing Role-Based Access Control (RBAC) and Network Policies in a Minikube Kubernetes cluster. We'll cover setup, configuration, testing, and troubleshooting specifically tailored for a Minikube environment.

Prerequisites

  • Minikube: Ensure you have Minikube installed and running. If not, download and install it from the official website: https://minikube.sigs.k8s.io/
  • kubectl: You'll need the Kubernetes command-line tool, kubectl, installed and configured to interact with your Minikube cluster.

Project Setup

  1. Start Minikube:
   minikube start

This command will start your Minikube cluster if it's not already running. Note that Minikube's default networking does not enforce NetworkPolicy objects: the API server accepts them, but nothing blocks traffic. For the network-policy half of this project, start the cluster with a CNI that does enforce them, for example minikube start --cni=calico.

  2. Verify Minikube Status:
   minikube status

You should see output indicating that Minikube is running and your cluster is ready.

Project Structure

We'll use the same project structure as before:

/day27-rbac-network-policies
    ├── rbac
    │   ├── role.yaml
    │   ├── rolebinding.yaml
    │   └── serviceaccount.yaml
    └── network-policies
        └── frontend-to-backend.yaml

RBAC Implementation

Path: /day27-rbac-network-policies/rbac/

1. serviceaccount.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dev-user
  namespace: default

2. role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""] 
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

3. rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: ServiceAccount
  name: dev-user 
  namespace: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
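To see what the three manifests above actually grant, the following is an added example (not code from the original post or from Kubernetes) that models how the RBAC authorizer evaluates them. The Role and RoleBinding are transcribed into Python dicts so it runs offline without a cluster; the extra queries (delete, other namespaces, other resources) are constructed here to show what the Role does not grant. Only the parts of RBAC these manifests exercise are modelled.

```python
"""Model of how the Kubernetes RBAC authorizer evaluates the manifests above.

Added example for this guide; it is not code from the original post or from
Kubernetes. The Role and RoleBinding are transcribed into Python dicts so the
logic runs offline without a cluster. Only the parts of RBAC that these
manifests exercise are modelled (apiGroups/resources/verbs with '*' wildcards,
RoleBinding namespace scoping, ServiceAccount subjects); resourceNames,
nonResourceURLs, Group subjects and ClusterRoleBindings are left out.
"""

# Transcription of rbac/role.yaml
ROLE_POD_READER = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "default"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
    ],
}

# Transcription of rbac/rolebinding.yaml
ROLEBINDING_READ_PODS = {
    "kind": "RoleBinding",
    "metadata": {"name": "read-pods", "namespace": "default"},
    "subjects": [{"kind": "ServiceAccount", "name": "dev-user", "namespace": "default"}],
    "roleRef": {"kind": "Role", "name": "pod-reader", "apiGroup": "rbac.authorization.k8s.io"},
}

# The "cluster state": roles keyed by (kind, namespace, name); a ClusterRole would use None.
ROLES = {("Role", "default", "pod-reader"): ROLE_POD_READER}
BINDINGS = [ROLEBINDING_READ_PODS]

# The username that kubectl --as=... uses for the page's service account.
DEV_USER = "system:serviceaccount:default:dev-user"


def subject_username(subject):
    """ServiceAccount subjects authenticate as system:serviceaccount:<ns>:<name>."""
    if subject["kind"] == "ServiceAccount":
        return f"system:serviceaccount:{subject['namespace']}:{subject['name']}"
    return subject["name"]  # kind: User


def rule_matches(rule, verb, api_group, resource):
    """A PolicyRule matches only if apiGroup, resource AND verb all match; '*' is a wildcard."""
    def allows(values, wanted):
        return "*" in values or wanted in values
    return (allows(rule["apiGroups"], api_group)
            and allows(rule["resources"], resource)
            and allows(rule["verbs"], verb))


def can_i(user, verb, resource, namespace, api_group=""):
    """Offline equivalent of `kubectl auth can-i VERB RESOURCE -n NAMESPACE --as=USER`.

    RBAC has no deny rules: the request is allowed if ANY binding for the user
    references a role with a matching rule. A RoleBinding grants access only
    inside its own namespace, even if it references a ClusterRole.
    """
    for binding in BINDINGS:
        if user not in {subject_username(s) for s in binding["subjects"]}:
            continue
        if binding["metadata"]["namespace"] != namespace:
            continue  # namespaced binding: no effect in other namespaces
        ref = binding["roleRef"]
        role_ns = binding["metadata"]["namespace"] if ref["kind"] == "Role" else None
        role = ROLES.get((ref["kind"], role_ns, ref["name"]))
        if role is None:
            continue  # a dangling roleRef grants nothing
        if any(rule_matches(r, verb, api_group, resource) for r in role["rules"]):
            return True
    return False


def access_report(user=DEV_USER):
    """The checks worth running against dev-user, as (description, allowed) pairs."""
    return [
        ("get pods in default (what the Role grants)", can_i(user, "get", "pods", "default")),
        ("delete pods in default (verb not granted)", can_i(user, "delete", "pods", "default")),
        ("get pods in kube-system (Role is namespaced)", can_i(user, "get", "pods", "kube-system")),
        ("get secrets in default (resource not granted)", can_i(user, "get", "secrets", "default")),
        ("list deployments in default (apps group not granted)",
         can_i(user, "list", "deployments", "default", api_group="apps")),
    ]


if __name__ == "__main__":
    for description, allowed in access_report():
        print(f"{'yes' if allowed else 'no':>3}  {description}")
```

Each line of the report corresponds to one kubectl auth can-i query against the real cluster; running both and comparing is a quick way to confirm that the binding's subject namespace and name really match the ServiceAccount, since a mismatch there makes every real query answer no.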

Network Policies Implementation

Path: /day27-rbac-network-policies/network-policies/

frontend-to-backend.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-to-backend
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: backend
  policyTypes:
  - Ingress 
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend 
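The policy above is easy to misread: it restricts who may reach pods labeled role: backend, and changes nothing for any other pod. The following added example (not code from the original post or from any CNI plugin) models how a NetworkPolicy-enforcing CNI decides pod-to-pod ingress, applies it to the page's policy, and then adds a hypothetical default-deny-ingress policy to show the difference. The pods, namespace labels and the default-deny policy are constructed here for illustration; matchExpressions, ipBlock, ports and egress are left out.

```python
"""Model of how a NetworkPolicy-enforcing CNI decides whether pod-to-pod ingress
is allowed, applied to the frontend-to-backend policy above.

Added example for this guide; it is not code from the original post or from any
CNI plugin. The pods, the namespace labels and the default-deny-ingress policy
are constructed here for illustration (the page only defines the
frontend-to-backend policy). matchLabels, podSelector and namespaceSelector are
modelled; matchExpressions, ipBlock, ports and egress are left out. The page's
policy has no ports list, which already means "all ports".
"""

# Transcription of network-policies/frontend-to-backend.yaml
FRONTEND_TO_BACKEND = {
    "metadata": {"name": "frontend-to-backend", "namespace": "default"},
    "spec": {
        "podSelector": {"matchLabels": {"role": "backend"}},
        "policyTypes": ["Ingress"],
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}]}],
    },
}

# Hypothetical companion policy (not on the page): an empty podSelector selects
# every pod in the namespace, and policyTypes Ingress with no ingress rules
# allows no ingress at all. Rules from all selecting policies are unioned, so
# the frontend-to-backend exception keeps working alongside it.
DEFAULT_DENY_INGRESS = {
    "metadata": {"name": "default-deny-ingress", "namespace": "default"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
}

# Constructed pods standing in for the test deployments.
PODS = {
    "frontend": {"namespace": "default", "labels": {"role": "frontend"}},
    "backend": {"namespace": "default", "labels": {"role": "backend"}},
    "debug": {"namespace": "default", "labels": {}},            # unlabeled client
    "staging-frontend": {"namespace": "staging", "labels": {"role": "frontend"}},
}

# Constructed namespace labels (the well-known metadata.name label).
NAMESPACE_LABELS = {
    "default": {"kubernetes.io/metadata.name": "default"},
    "staging": {"kubernetes.io/metadata.name": "staging"},
}


def selector_matches(selector, labels):
    """matchLabels semantics: every key must be present with the given value.
    An empty selector ({}) matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_allows(peer, src, policy_namespace):
    """One entry of a rule's `from` list.

    podSelector alone is scoped to the policy's own namespace; namespaceSelector
    alone means any pod in a matching namespace; both together are ANDed.
    """
    ns_selector = peer.get("namespaceSelector")
    if ns_selector is None:
        if src["namespace"] != policy_namespace:
            return False
    elif not selector_matches(ns_selector, NAMESPACE_LABELS[src["namespace"]]):
        return False
    pod_selector = peer.get("podSelector")
    return pod_selector is None or selector_matches(pod_selector, src["labels"])


def ingress_allowed(policies, src_name, dst_name):
    """True if traffic from pod src_name may reach pod dst_name under `policies`."""
    src, dst = PODS[src_name], PODS[dst_name]
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selector_matches(p["spec"]["podSelector"], dst["labels"])
    ]
    if not selecting:
        return True  # no policy selects the destination: it accepts traffic from anywhere
    for policy in selecting:
        for rule in policy["spec"].get("ingress", []):  # no rules at all: deny everything
            peers = rule.get("from", [])
            if not peers:
                return True  # a rule without `from` allows all sources
            if any(peer_allows(peer, src, policy["metadata"]["namespace"]) for peer in peers):
                return True
    return False


def reachability(policies):
    """Matrix of (source, destination) -> allowed for every pair of constructed pods."""
    return {(s, d): ingress_allowed(policies, s, d) for s in PODS for d in PODS if s != d}


if __name__ == "__main__":
    for title, policies in (("page policy only", [FRONTEND_TO_BACKEND]),
                            ("page policy + default deny", [FRONTEND_TO_BACKEND, DEFAULT_DENY_INGRESS])):
        print(f"== {title} ==")
        for (s, d), ok in sorted(reachability(policies).items()):
            print(f"  {s:>16} -> {d:<16} {'ALLOW' if ok else 'deny'}")
```

Two results are the ones to carry into the testing section: with the page's policy alone, the unlabeled pod cannot reach the backend but can still reach the frontend (and a role: frontend pod in another namespace is denied, because a bare podSelector only matches the policy's own namespace); with the default-deny policy added, only the explicitly allowed frontend-to-backend path remains in the default namespace.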

Applying RBAC and Network Policy

  1. Apply RBAC Configuration:
   kubectl apply -f /day27-rbac-network-policies/rbac/

  2. Apply Network Policy:
   kubectl apply -f /day27-rbac-network-policies/network-policies/frontend-to-backend.yaml

Testing RBAC and Network Policy

  1. Deploy Sample Frontend and Backend Pods:

    • Create simple deployments for frontend and backend pods (you can find example deployments in the Kubernetes documentation).
    • Label the pods role: frontend and role: backend respectively. The network policy matches on exactly these labels, so a mislabeled pod silently falls outside the policy.
    • Also start a third pod with neither label (a throwaway busybox or similar) to act as the unauthorized client.
  2. Test RBAC:

   kubectl auth can-i get pods --as=system:serviceaccount:default:dev-user

   This should print yes. Also confirm what the Role does not grant: the same check with the verb delete, or with -n kube-system added (the Role and RoleBinding are scoped to the default namespace), should print no.
  3. Test Network Policy:
    • From the frontend pod, connect to the backend pod's IP (e.g., using curl or wget if those tools are in your image). This should succeed.
    • From the unlabeled pod in the default namespace, repeat the connection. It should time out: the backend pod is selected by the policy and this client matches none of its ingress rules.
    • From the unlabeled pod, connect to the frontend pod. This succeeds, because the policy only restricts pods labeled role: backend; every other pod in the namespace still accepts traffic from anywhere until a default-deny policy selects it.
    • Connecting from your local machine is not a meaningful test: NetworkPolicy governs traffic at the pod level, and with most Minikube drivers pod IPs are not routable from the host in the first place.
    • If the unlabeled pod can reach the backend, the cluster is running a CNI that does not enforce NetworkPolicy; the object exists in the API server but has no effect. Recreate the cluster with an enforcing CNI (see Troubleshooting).

Resource Cleanup

# RBAC Cleanup
kubectl delete role pod-reader -n default
kubectl delete rolebinding read-pods -n default
kubectl delete serviceaccount dev-user -n default

# Network Policy Cleanup
kubectl delete networkpolicy frontend-to-backend -n default

# Workload Cleanup (replace with your deployment names; deleting only the pods
# would let the Deployment controller recreate them)
kubectl delete deployment <frontend-deployment-name> -n default
kubectl delete deployment <backend-deployment-name> -n default

# Stop Minikube (optional)
minikube stop

Troubleshooting in Minikube

  • Minikube Status: Check the status using minikube status.
  • Context Issues: Ensure you're using the Minikube context:
  kubectl config use-context minikube
  • Network Policy Enforcement: NetworkPolicy objects are enforced by the CNI plugin, not by Kubernetes itself, and Minikube's default networking does not enforce them. The policy is accepted by the API server but has no effect, so connections that should be blocked still succeed. Start the cluster with an enforcing CNI, for example minikube start --cni=calico on a fresh cluster (minikube delete first), and confirm the Calico pods are Running before re-testing.
  • RBAC Denials: If kubectl auth can-i answers no unexpectedly, check that the RoleBinding's subject name and namespace match the ServiceAccount exactly and that you are querying the namespace the RoleBinding lives in; a Role never grants access outside its own namespace.
  • Minikube Dashboard: Use minikube dashboard for a visual overview of your cluster resources.
