首页 > 其他分享> > Kubernetes学习笔记（二十二）：Authentication 身份认证

Kubernetes学习笔记（二十二）：Authentication 身份认证

2022-08-26 22:33:23 作者：互联网

kubectl create serviceaccount sa1

kubectl get serviceaccount

验证方式kube-apiserver：

Static Password File
Static Token File
Certificates
Identity Services，第三方身份验证协议，如LDAP、Kerberos等

Static Password File ：

user-details.csv :

password,username,userid(,groupname optional)
...

user-token-details.csv

token,username,userid(,groupname optional)
...

定义方式：

--basic-auth-file=user-details.csv --token-auth-file=user-details.csv apiserver重启才能生效

kubeadm /etc/kubernetes/manifests/kube-apiserver.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --advertise-address=172.17.0.107
    - --allow-privileged=true
    - --enable-admission-plugins=NodeRestriction
    - --enable-bootstrap-token-auth=true
    image: k8s.gcr.io/kube-apiserver-amd64:v1.11.3
    name: kube-apiserver

访问：

curl -v -k https://master-node-ip:6443/api/v1/pods -u "username:password" {data...}
curl -v -k <link> --header "Authorization: Bearer xxxxxxxx"

注意点：

不推荐使用静态储存（在v1.19已弃用）
Consider volume mount while providing the auth file in a kubeadm setup
Setup Role Based Authorization for the new users

标签：二十二,csv,Kubernetes,--,token,auth,apiserver,Authentication,kube
来源： https://www.cnblogs.com/Bota5ky/p/16629429.html