小贝子编程

无法发现受支持的资源



我正在尝试创建具有有限命名空间访问权限的用户。 创建了名为测试的命名空间,还创建了组:程序员,用户:前端。通过以下 http://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/为用户:前端生成凭据

我创建了一个角色。这是我的角色.yml

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test
name: frontend-developer
rules:
- apiGroups: ["","extensions","apps"]
resources: ["deployments","replicasets","pods"]
verbs: ["get","list","watch","create","patch"]`

我创建了角色绑定。这是角色绑定.yml

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: frontend-deploy
namespace: test
subjects:
- kind: User
name: frontend
namespace: test
roleRef:
kind: Role
name: frontend-developer
apiGroup: rbac.authorization.k8s.io

我正在谈论我的部署文件

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nodefrontend
namespace: test
spec:
replicas: 3
template:
metadata:
labels:
app: bookstore
spec:
containers:
- name: nodeweb
image: balipalligayathri/devops-develop
ports:
- name: http
containerPort: 3000
protocol: TCP

我在创建角色和角色绑定时使用以下命令

$ kubectl create -f role.yml
$ kubectl create -f role-binding.yml

创建了前端开发人员角色和前端部署角色绑定。

同样,我正在使用命令kubectl create -f node-deployment.yml创建部署。已成功创建和删除部署。在这里,我在创建 deployment.so 时没有提到任何用户,我正在尝试使用以下命令使用 user 创建部署。

kubectl create -f node-deployment.yml --as=frontend --context=frontend-context

我面临这样的错误

Error from server (Forbidden):
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>
Authentication requiredhttps://stackoverflow.com/questions/48164369/kubernetes-   1-8-dashboard-configurations-fails-with-error-no-kind-role-is-regi
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
which is implied by: hudson.security.Permission.GenericRead
which is implied by: hudson.model.Hudson.Administer    </body></html>

我的疑问是:是否有必要deployment.yml文件中提及用户?

你需要创建一个serviceAccount,看看这个片段:

apiVersion: v1
kind: ServiceAccount
metadata:
name: myAccount

将其绑定到您的角色:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: myBinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: frontend-developer
subjects:
- kind: ServiceAccount
name: myAccount

并在部署中使用它:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nodefrontend
namespace: test
spec:
template:
metadata:
labels:
...
spec:
serviceAccountName: myAccount

裁判:

  • https://kubernetes.io/docs/reference/access-authn-authz/authentication/
  • https://kubernetes.io/docs/reference/access-authn-authz/rbac/

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium