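https://aungzanbaw.medium.com/a-step-by-step-guide-to-creating-users-in-kubernetes-6a5a2cfd8c71
https://hbayraktar.medium.com/how-to-create-a-user-in-a-kubernetes-cluster-and-grant-access-bfeed991a0ef
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatessigningrequest

RBAC

# k auth whoami
# k config get-users
# k auth can-i --help
# k api-resources -o wide
# k api-resources | head -1 ; k api-resources | grep Role$
# curl -k https://localhost:16443/api/v1/namespaces/default/pods/un-pod/log
  ===> -k désactive la vérification du certificat du serveur et la requête part sans identifiants : si l'accès anonyme est bien refusé, la réponse attendue est 401 ou 403. Hors test local, préférer --cacert <ca-du-cluster.crt> (placeholder) à -k.
# k get clusterroles admin -o yaml | less

# openssl genpkey -out alice.key -algorithm Ed25519
  ===> alice.key est la clé privée d'alice : vérifier qu'elle n'est lisible que par son propriétaire (chmod 600 alice.key).
# openssl req -new -key alice.key -out alice.csr -subj "/CN=alice/O=diablotin"
# vi csr_alice.yaml
# sed -i "s/request:.*$/request: $(cat alice.csr | base64 | tr -d '\n')/" csr_alice.yaml
# k create -f csr_alice.yaml
  ===> avant d'approuver, relire le CSR (k describe csr/alice) : CN devient le nom d'utilisateur et O le groupe côté Kubernetes, donc aucun groupe privilégié ne doit figurer dans O. Un certificat client émis ne peut pas être révoqué : limiter sa durée de validité avec spec.expirationSeconds dans csr_alice.yaml.
# k certificate approve alice
# k describe csr/alice
# k get csr/alice -o jsonpath="{.status.certificate}" | base64 -d > alice.crt

# k config view --raw > alice-kube-config
  ===> --raw copie tout le kubeconfig courant, identifiants de l'admin compris. Avant de transmettre alice-kube-config à alice, en retirer les entrées admin (k --kubeconfig alice-kube-config config delete-user <utilisateur-admin> puis config delete-context <contexte-admin>, placeholders) et garder le fichier en 600 : il contiendra aussi la clé privée d'alice après set-credentials --embed-certs=true.
# k --kubeconfig alice-kube-config config set-credentials alice --client-key alice.key --client-certificate alice.crt --embed-certs=true
  ===> modifie le fichier alice-kube-config (pour y "définir" alice)
# k --kubeconfig alice-kube-config config set-context alice --cluster $(k config get-clusters | tail -1) --namespace alice --user alice
  ===> modifie le fichier alice-kube-config (pour y "définir" le contexte alice)

créer des role et rolebinding alice/lectrice
# k describe role -n alice alice-pod-consult
# k config get-contexts --kubeconfig alice-kube-config --context alice --user alice
IDEM
# k config get-contexts --kubeconfig alice-kube-config
# k auth can-i get pods --namespace=alice --as=alice # list, watch
# k auth can-i create pod --namespace=alice --as=alice # delete, patch
  ===> --as=alice seul n'emprunte pas le groupe du certificat : ajouter --as-group=diablotin pour tester aussi les droits accordés au groupe.
[ # k config use-context alice [ --kubeconfig alice-kube-config ] ]
# k get po -n alice --kubeconfig alice-kube-config
# k config use-context microk8s (pour "re-"basculer sur user admin)

https://github.com/brendandburns/kubernetes-adduser
https://kubernetes.io/fr/docs/reference/access-authn-authz/rbac/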