1
kubernetes中用户rbac的建立
source link: https://bajie.dev/posts/20230222-kubernetes_rbac/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Kubernetes中用户rbac的建立
2023-02-22
1 分钟阅读
k8s里面建立一个用户,然后给特定权限,再做rolebinding的过程,给个标准的建立jenkins-admin的用户的过程:
简单来说,三步,ServiceAccout –> Role –> Rolebinding
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-admin
namespace: devops-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jenkins
namespace: default
labels:
"app.kubernetes.io/name": 'jenkins'
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-role-binding
namespace: default
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins-admin
namespace: default
资源的链接:https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/rbac/
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK