K8S access control: restricting a user's access permissions across multiple namespaces
References:
https://www.cnblogs.com/aresxin/p/k8s-sc.html
https://blog.csdn.net/ljx1528/article/details/85226422
Problem encountered:
Error from server (Forbidden): deployments.apps is forbidden: User "system:serviceaccount:default:dev" cannot create resource "deployments" in API group "apps" in the namespace "k8s"
Grant authorization on each namespace that needs it. The following example grants it on the app namespace.
kubectl create rolebinding rbd-dev --clusterrole=cluster-admin --serviceaccount=default:dev --namespace=app
Add the following to ~/.kube/config:
contexts:
- context:
    cluster: kubernetes
    user: dev
  name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: dev
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRldi10b2tlbi04emRrOCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZXYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI3OTljYWFlOC03Mzc5LTExZWMtYjU0Ny1hNGJmMDExYzIzMjEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZXYifQ.RY1tGid9wRABUGIsSQvGx57rn6GC7dYlL57VJ2Y6N1ex6EnPeml8_Mcv0pq52zdV61oNr-BZQpH2yRn8UshYiq8rgQaFalTdz2TulaQ_kEwtjGq2aciOjqJ2uQp2wCPojOs437NnPbD0Uj73m1uQilcyzcw_ZL7gI60wlbthtRYNcH6N7qSGJrvMpVjRiL8nlCZDl2FH7t8SLZbWQKN1tsebBVQtMLhxwEjIpDkMDMVXJ-HhKrlJiD7GJbfiN1iqzb9D8a_f82N5_0V4kP_Vbb3FSUojNoIa25yFa_1mnugfow27u8MSFotJWZA9whpqgzDGwSHAMREjNxjw6grDbQ
Here, user: dev refers to the serviceaccount.
Once this is configured, the user has all permissions on pods in the app namespace and only view permission in the other namespaces.
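A narrower alternative to binding cluster-admin in the namespace, as an added example that is not part of the original post: it parses the Forbidden error quoted above and emits a Role and RoleBinding that grant only the denied verb on the denied resource. The function names `field` and `forbidden_to_rbac` and the generated object names are hypothetical.

```shell
# Added example; function and object names are hypothetical.
# Constructed sample input: the Forbidden error quoted in the post.
SAMPLE_ERR='Error from server (Forbidden): deployments.apps is forbidden: User "system:serviceaccount:default:dev" cannot create resource "deployments" in API group "apps" in the namespace "k8s"'

# field REGEX MSG: print the first capture group of REGEX, or nothing.
field() { printf '%s\n' "$2" | sed -n -E "s/$1/\\1/p"; }

# Emit a Role + RoleBinding for only the denied verb/resource/namespace.
forbidden_to_rbac() {
  msg=$1
  user=$(field '.*User "system:serviceaccount:([^"]+)".*' "$msg")
  verb=$(field '.* cannot ([a-z]+) resource .*' "$msg")
  res=$(field '.* resource "([^"]+)".*' "$msg")
  group=$(field '.* in API group "([^"]*)".*' "$msg")   # "" = core group
  ns=$(field '.* in the namespace "([^"]+)".*' "$msg")
  # Cluster-scoped denials and non-serviceaccount users are refused.
  if [ -z "$user" ] || [ -z "$verb" ] || [ -z "$res" ] || [ -z "$ns" ]; then
    echo "not a namespaced serviceaccount Forbidden message" >&2
    return 1
  fi
  sa_ns=${user%%:*}
  sa_name=${user#*:}
  name=$(printf '%s' "$sa_name-$verb-$res" | tr '/' '-')
  cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: $name
  namespace: $ns
rules:
- apiGroups: ["$group"]
  resources: ["$res"]
  verbs: ["$verb"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $name
  namespace: $ns
subjects:
- kind: ServiceAccount
  name: $sa_name
  namespace: $sa_ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: $name
EOF
}
```

Pipe the output of `forbidden_to_rbac "$SAMPLE_ERR"` to `kubectl apply -f -`, then confirm the grant with `kubectl auth can-i create deployments.apps -n k8s --as=system:serviceaccount:default:dev`.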