Notice
Recent Posts
Recent Comments
Tags
- n15148
- web&was apche htaccess
- CentOS
- n1548
- etcd
- mariadb
- Auth
- banner
- mgmtip
- port description
- unix_socket
- Storage
- Kubernetes
- 웰카
- Path
- drbd
- Galera Cluster
- 우파푸른하늘80만이벤트
- docker
- maxscale
- CEP
- wildfly jboss
- vmware
- MotD
- data-door
- RHEL8
- admin port
- dell
- openldap
- 우파푸른하늘
- perplexity
- snmp
- Network
250x250
반응형
전산쟁이의 기억노트
rbac기반의 namespace 권한부여 본문
728x90
반응형
 |
| perplexity에서 생성한 AI이미지 |
서비스 계정생성
$> kubectl create sa testuser
role설정
$> cat role.yaml
apiVersion: rbac.authozation.k8s.io/v1
kind: Role
metadata
name: ms-role
namespace: ms
rules:
- apiGroup: [""]
resources: ["*"]
verbs: ["get", "list", "watch"]rolebinding 설정
$> rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ms-rolebinding
namespace: ms
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ms-role
subjects:
- kind: ServiceAccount
name: testuser
namespace: msauth 확인
$> kubectl auth can-i get pods --namespace=ms --as=system:serviceaccouint:default:testuser
yes
user credential 생성
$> kubectl describe serviceaccount testuser
$> kubectl describe secret testuser-token-123
$> kubectl config set-credentials testuser --token=testuser-token-123
context생성
$> kubectl config set-context test-context --cluster=testcluster --as=system:serviceaccount:default:testuser
Context "test-context" created.
$> kubectl config get-contexts
$> kubectl config use-context test-context
Switched to context "test-context"
kube-config 반영
Reference
728x90
반응형
'컨테이너&가상화' 카테고리의 다른 글
| 일반계정에서 kubectl 사용하기 위한 절차 (1) | 2025.06.23 |
|---|---|
| ETCD구성정보 (2) | 2025.06.17 |
| 워커노드 제외방법 (0) | 2023.12.23 |
| rancher 패스워드 초기화 방법 (0) | 2023.11.06 |
| Linux에서 VMWARE Player설치 에러 해결하기 (0) | 2023.04.30 |
'컨테이너&가상화' Related Articles
more
Comments