Kubernetes Study Notes (27): Role Based Access Controls
Author: Internet
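developer-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  # No namespace set: the Role is created in the current namespace
  name: developer
rules:
- apiGroups: [""]        # "" is the core API group
  resources: ["pods"]
  verbs: ["list", "get", "create", "update", "delete"]
- apiGroups: [""]
  # RBAC matches the lowercase plural resource name, not the kind
  resources: ["configmaps"]
  verbs: ["create"]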
Create the role: kubectl create -f developer-role.yaml
devuser-developer-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devuser-developer-binding
subjects:
# The user who receives the Role's permissions
- kind: User
  name: dev-user
  apiGroup: rbac.authorization.k8s.io
roleRef:
  # Must name a Role in the same namespace as this binding
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
Create the role binding: kubectl create -f devuser-developer-binding.yaml
Inspect:
kubectl get roles
kubectl get rolebindings
kubectl describe role developer
kubectl describe rolebinding devuser-developer-binding
Verify permissions:
kubectl auth can-i create deployments
kubectl auth can-i delete nodes --as dev-user --namespace test
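A repeatable version of the can-i checks above, added here as an example (not part of the original notes): it impersonates the user for each verb/resource pair and reports every answer that differs from what the developer Role is meant to allow. The function name check_rbac, the EXPECTED matrix and its deny rows are assumptions made for this example; running it requires permission to impersonate users.

```shell
#!/bin/sh
# Expected access for dev-user as "<verb> <resource> <yes|no>".
# "yes" rows mirror the intent of developer-role.yaml; "no" rows are
# constructed samples of access that Role must not grant.
EXPECTED='
list pods yes
get pods yes
create pods yes
update pods yes
delete pods yes
create configmaps yes
get configmaps no
create deployments no
get secrets no
delete nodes no
'

# check_rbac USER NAMESPACE
# Prints one line per deviation and returns the number of deviations.
check_rbac() {
  user=$1 ns=$2 mismatches=0
  while read -r verb resource want; do
    [ -z "$verb" ] && continue
    # can-i prints yes/no and exits non-zero on "no"; keep only the answer.
    got=$(kubectl auth can-i "$verb" "$resource" \
            --as "$user" --namespace "$ns" 2>/dev/null) || true
    case "$got" in
      yes*) got=yes ;;
      no*)  got=no ;;
      *)    got=error ;;   # API unreachable, impersonation denied, ...
    esac
    if [ "$got" != "$want" ]; then
      echo "MISMATCH: $user $verb $resource (ns $ns): want $want, got $got"
      mismatches=$((mismatches + 1))
    fi
  done <<EOF
$EXPECTED
EOF
  return "$mismatches"
}

# Usage (assumes the binding lives in namespace "test"):
#   check_rbac dev-user test || echo "RBAC drift detected"
```

A non-zero return means either an over-grant (want no, got yes) or a missing grant, so the same function works as a CI gate after any change to the Role or RoleBinding.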
Source: https://www.cnblogs.com/Bota5ky/p/16671199.html