3-14
Define the role
The role has permission to query pods and deployments.
```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: itnotebooks
  name: fireye
rules:
# Read-only access to pods (core API group, written as "")
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
# Read-only access to deployments
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "watch", "list"]
```
Create the user fireye for the itnotebooks namespace
```yaml
# The user is created as a ServiceAccount in the itnotebooks namespace
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fireye
  namespace: itnotebooks
```
Bind the role to the fireye user
Specify the user fireye and the namespace it belongs to.
For the authorization logic, see: https://v1-18.docs.kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fireye
  namespace: itnotebooks
subjects:
# A user named fireye
- kind: User
  name: fireye
  apiGroup: rbac.authorization.k8s.io
# The fireye ServiceAccount in the itnotebooks namespace
- kind: ServiceAccount
  name: fireye
  namespace: itnotebooks
# The Role being granted; it must exist in the same namespace as this binding
roleRef:
  kind: Role
  name: fireye
  apiGroup: rbac.authorization.k8s.io
```
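To show what this Role and RoleBinding actually grant, here is an added example (not from the original post, and not the API server's code): a simplified Python model of RBAC matching that evaluates sample requests against the rules above. The dicts mirror the manifests on this page; the function names and the sample requests are assumptions made for the illustration.

```python
# Added example: simplified model of Kubernetes RBAC matching (assumption, not API server code).
# ROLE and BINDING mirror the manifests on this page as Python dicts.
ROLE = {
    "namespace": "itnotebooks", "name": "fireye",
    "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": ["extensions", "apps"], "resources": ["deployments"],
         "verbs": ["get", "watch", "list"]},
    ],
}
BINDING = {
    "namespace": "itnotebooks",
    "subjects": [
        {"kind": "User", "name": "fireye"},
        {"kind": "ServiceAccount", "name": "fireye", "namespace": "itnotebooks"},
    ],
    "roleRef": {"kind": "Role", "name": "fireye"},
}

def subject_matches(subject, username):
    """A ServiceAccount authenticates as system:serviceaccount:<namespace>:<name>."""
    if subject["kind"] == "User":
        return subject["name"] == username
    if subject["kind"] == "ServiceAccount":
        return username == f"system:serviceaccount:{subject['namespace']}:{subject['name']}"
    return False

def _in(allowed_values, value):
    # "*" is the RBAC wildcard; a subresource such as pods/log needs its own entry.
    return "*" in allowed_values or value in allowed_values

def allowed(username, verb, api_group, resource, namespace):
    """True if BINDING grants the request through ROLE; RBAC denies by default."""
    # A RoleBinding only grants access inside its own namespace.
    if namespace != BINDING["namespace"] or BINDING["roleRef"]["name"] != ROLE["name"]:
        return False
    if not any(subject_matches(s, username) for s in BINDING["subjects"]):
        return False
    return any(_in(r["apiGroups"], api_group) and _in(r["resources"], resource)
               and _in(r["verbs"], verb) for r in ROLE["rules"])

SA = "system:serviceaccount:itnotebooks:fireye"  # username of the ServiceAccount above
if __name__ == "__main__":
    for req in [(SA, "list", "", "pods", "itnotebooks"),            # constructed requests
                (SA, "get", "apps", "deployments", "itnotebooks"),
                (SA, "delete", "apps", "deployments", "itnotebooks"),
                (SA, "get", "", "secrets", "itnotebooks"),
                (SA, "list", "", "pods", "kube-system")]:
        print(req[1:], "->", "allow" if allowed(*req) else "deny")
```

On a live cluster the same questions can be asked with `kubectl auth can-i`, impersonating `system:serviceaccount:itnotebooks:fireye`.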
Original blog address: itnotebooks.com
