I'm having some issues with my company's IT and security team. After setting up an RKE2 cluster using some corporate automation scripts from a bastion server, my sudo privileges were removed. Now, I can't even access my kubeconfig file or run basic kubectl or helm commands. My sysadmin keeps asking why I need these privileges to manage Kubernetes, and I'm struggling to articulate the requirement. Can anyone help me explain what I actually need to effectively administer my cluster and deploy helm charts?
1 Answer
You actually don't need root access on the bastion server for this! It's better to use a separate user. Just copy your kubeconfig to your local machine and use the bastion as a jump box to access the cluster API. If you need to manage access, consider using an IdP or PAM solution instead of relying on sudo.
What are some examples of IdP and PAM? Would this include things like service accounts or tools like Dex?
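The jump-box setup described in the answer, sketched as an added example that is not part of the original thread: an unprivileged SSH port-forward through the bastion plus a kubeconfig rewritten to use it. The host names, local port 16443, the file names and the helper names `rewrite_kubeconfig`, `open_tunnel` and `demo` are placeholders; it assumes the API server listens on 6443 and that the bastion's sshd permits TCP forwarding.

```shell
#!/bin/sh
# Added example; hosts, port 16443 and file names are placeholders (assumptions).

# Point every `server:` entry of a kubeconfig at a local forwarded port and set
# tls-server-name, so kubectl still verifies the API certificate against the
# real API name (it must be a SAN in that certificate).
# usage: rewrite_kubeconfig <in> <out> <local_port> <api_tls_name>
rewrite_kubeconfig() {
    (
        umask 077    # the file carries client credentials: owner-only
        awk -v port="$3" -v name="$4" '
            /^ *tls-server-name:/ { next }    # drop any earlier override
            /^ *server: / {
                indent = $0; sub(/server:.*/, "", indent)
                print indent "server: https://127.0.0.1:" port
                print indent "tls-server-name: " name
                next
            }
            { print }' "$1" > "$2"
    )
}

# Forward a local port to the API server through the bastion. -N runs no remote
# command, so the bastion account needs no sudo, only permission to forward TCP.
# usage: open_tunnel <user@bastion> <api_host> <local_port>
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes -L "127.0.0.1:$3:$2:6443" "$1"
}

# Constructed sample kubeconfig (credentials elided) to show the rewrite.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/cluster.yaml" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://api.cluster.example.internal:6443
  name: default
EOF
    rewrite_kubeconfig "$dir/cluster.yaml" "$dir/tunnel.yaml" 16443 api.cluster.example.internal
    cat "$dir/tunnel.yaml"
    rm -rf "$dir"
}
demo
# Real use, with the kubeconfig already copied to the workstation:
#   open_tunnel you@bastion.example.com api.cluster.example.internal 16443
#   KUBECONFIG=./tunnel.yaml kubectl get nodes
```

What the cluster lets that kubeconfig's identity do is still decided by Kubernetes RBAC, not by any privilege on the bastion.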