芳草集甘草零负担保湿面膜,杀了我治愈我韩剧,中国大学生
1 apiversion: rbac.authorization.k8s.io/v1 2 kind: role 3 metadata: 4 namespace: default 5 name: pod-reader 6 rules: 7 - apigroups: [""] # "" indicates the core api group 8 resources: ["pods"] 9 verbs: ["get", "watch", "list"]
1 apiversion: rbac.authorization.k8s.io/v1 2 kind: clusterrole 3 metadata: 4 # "namespace" omitted since clusterroles are not namespaced 5 name: secret-reader 6 rules: 7 - apigroups: [""] 8 resources: ["secrets"] 9 verbs: ["get", "watch", "list"]
1 apiversion: rbac.authorization.k8s.io/v1 2 # this role binding allows "jane" to read pods in the "default" namespace. 3 kind: rolebinding 4 metadata: 5 name: read-pods 6 namespace: default 7 subjects: 8 - kind: user 9 name: jane # name is case sensitive 10 apigroup: rbac.authorization.k8s.io 11 roleref: 12 kind: role #this must be role or clusterrole 13 name: pod-reader # this must match the name of the role or clusterrole you wish to bind to 14 apigroup: rbac.authorization.k8s.io
1 [root@master ~]# kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods 2 role.rbac.authorization.k8s.io/pod-reader created
1 [root@master ~]# kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
1 [root@master ~]# kubectl create role foo --verb=get,list,watch --resource=replicasets.apps
1 [root@master ~]# kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
1 [root@master ~]# kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods
1 [root@master ~]# kubectl create clusterrole pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
1 [root@master ~]# kubectl create clusterrole foo --verb=get,list,watch --resource=replicasets.apps
1 [root@master ~]# kubectl create clusterrole foo --verb=get,list,watch --resource=pods,pods/status
1 [root@master ~]# kubectl create clusterrole "foo" --verb=get --non-resource-url=/logs/*
1 [root@master ~]# kubectl create rolebinding bob-admin-binding --clusterrole=admin --user=bob --namespace=acme
1 [root@master ~]# kubectl create rolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp --namespace=acme
1 [root@master ~]# kubectl create rolebinding myappnamespace-myapp-view-binding --clusterrole=view --serviceaccount=myappnamespace:myapp --namespace=acme
1 [root@master ~]# kubectl create rolebinding myappnamespace-myapp-view-binding --clusterrole=view --serviceaccount=myappnamespace:myapp --namespace=acme
1 [root@master ~]# kubectl create clusterrolebinding kube-proxy-binding --clusterrole=system:node-proxier --user=system:kube-proxy
1 [root@master ~]# kubectl create clusterrolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp
1 [root@master ~]# kubectl get role -n kube-system
1 [root@master ~]# kubectl describe role extension-apiserver-authentication-reader -n kube-system
如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复
网友评论