kubernetes 源码安装1.18.3 (8)授权 apiserver 访问 kubelet
授权 apiserver 访问 kubeletcat > apiserver-to-kubelet-rbac.yaml<< EOFapiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "tr
·
授权 apiserver 访问 kubelet
cat > apiserver-to-kubelet-rbac.yaml<< EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:kube-apiserver-to-kubelet
rules:
- apiGroups:
- ""
resources:
- nodes/proxy
- nodes/stats
- nodes/log
- nodes/spec
- nodes/metrics
- pods/log
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kube-apiserver
namespace: ""
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-apiserver-to-kubelet
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubernetes
EOF
部署
kubectl apply -f apiserver-to-kubelet-rbac.yaml
返回
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created
查看是否创建
[root@k8s-master01 k8s]# kubectl get clusterrole,clusterrolebinding | grep system:kube-apiserver
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet 2020-12-10T06:39:24Z
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver ClusterRole/system:kube-apiserver-to-kubelet
更多推荐
已为社区贡献17条内容
所有评论(0)