12-kubernetes-rbac
12-kubernetes RBAC: role-based access control
Authorization plugins: the commonly used ones are Node, ABAC, RBAC (Role-based AC), and Webhook.
- Role
    - operations
    - objects
- RoleBinding
    - user account OR service account
    - role
- Permission
- ClusterRole
- ClusterRoleBinding
API: Request path
Format: /apis/<GROUP>/<VERSION>/namespaces/<NAMESPACE_NAME>/<KIND>[/OBJECT_ID]
    kubectl api-versions
    http://localhost:8080/apis/apps/v1/namespaces/default/deployments/myapp-deploy/
    /apis/apps/v1
    /apis/apps/v1beta1
    /apis/apps/v1beta2
Creating a Role
    kubectl create role pods-reader -h
    kubectl create role pods-reader --verb=get,list,watch --resource=pods --dry-run -o yaml >/tmp/role-demo.yaml
    # View the result
    kubectl get role
    kubectl describe role pods-reader
Binding an account to the corresponding permissions
    kubectl create rolebinding leiyan-read-pods --role=pods-reader --user=leiyan --dry-run -o yaml
    kubectl describe rolebinding leiyan-read-pods
Creating a ClusterRole
    kubectl create clusterrole pods-reader -h
    kubectl create clusterrole cluster-reader --verb=get,list,watch --resource=pods --dry-run -o yaml >/tmp/clusterrole-demo.yaml
    # View the result
    kubectl get clusterrole
    kubectl describe clusterrole cluster-reader
Binding an account to cluster-level permissions
    kubectl create clusterrolebinding leiyan-test --clusterrole=cluster-reader --user=leiyan --dry-run -o yaml
    kubectl describe clusterrolebinding leiyan-test
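
The following is an added example, not code from the original post: a simplified Python model of how a request path is split into RBAC attributes and checked against the pods-reader RoleBinding and the cluster-reader ClusterRoleBinding created above. It assumes the Role lives in the default namespace, adds the core group's /api/<VERSION> prefix (where pods are served), and ignores watch query parameters and subresources; the function and variable names are hypothetical.

```python
import re

# Request path layout from the page, plus the core group's "/api/<VERSION>" prefix.
PATH_RE = re.compile(
    r"^/(?:api|apis/(?P<group>[^/]+))/(?P<version>[^/]+)"
    r"(?:/namespaces/(?P<namespace>[^/]+))?"
    r"/(?P<resource>[^/]+)(?:/(?P<name>[^/]+))?/?$")
HTTP_TO_VERB = {"GET": "get", "POST": "create", "PUT": "update",
                "PATCH": "patch", "DELETE": "delete"}
# Rules equivalent to --verb=get,list,watch --resource=pods (pods are in the core group "").
READ_PODS = [{"apiGroups": [""], "resources": ["pods"],
              "verbs": ["get", "list", "watch"]}]
ROLES = {"pods-reader": READ_PODS, "cluster-reader": READ_PODS}
# Constructed bindings; namespace None models a ClusterRoleBinding.
ROLEBINDING = [{"namespace": "default", "user": "leiyan", "role": "pods-reader"}]
CLUSTERROLEBINDING = [{"namespace": None, "user": "leiyan", "role": "cluster-reader"}]


def parse(method, path):
    """Turn an HTTP request into the attributes RBAC rules are matched on."""
    m = PATH_RE.match(path)
    if m is None:
        raise ValueError(f"not a resource request path: {path}")
    req = m.groupdict()
    req["group"] = req["group"] or ""          # core group is the empty string
    verb = HTTP_TO_VERB[method]
    if verb == "get" and req["name"] is None:  # GET on a collection is "list"
        verb = "list"
    req["verb"] = verb
    return req


def authorize(user, method, path, bindings):
    """Return True if any binding for `user` has a rule matching the request."""
    req = parse(method, path)
    for b in bindings:
        if b["user"] != user:
            continue
        # A RoleBinding grants only inside its own namespace.
        if b["namespace"] is not None and b["namespace"] != req["namespace"]:
            continue
        for rule in ROLES[b["role"]]:
            if (req["group"] in rule["apiGroups"]
                    and req["resource"] in rule["resources"]
                    and req["verb"] in rule["verbs"]):
                return True
    return False  # RBAC is additive: nothing matched, so deny
```

On a live cluster, kubectl auth can-i with --as=leiyan performs the same check against the real authorizer.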
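Copyright notice: unless otherwise noted, this article is an original work of 《橙子柠檬》; please retain the source when reposting.
Link to this article: https://qinzc.me/post-233.html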