本文主要是介绍基于RBAC实现dashboard只读——view权限,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
基于RBAC实现dashboard只读——view权限
只是简单利用默认的clusterrole - view实现了只读所有namespace下的对象(除去secret、role、rolebinding),不支持读取集群信息,后期深入了解resource后再重新梳理role和rule
kind: ServiceAccount
apiVersion: v1
metadata: name: view namespace: kube-system ---kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: dashboard-dev-rolebinding
subjects:- kind: ServiceAccount name: viewnamespace: kube-system
roleRef:kind: ClusterRolename: view apiGroup: rbac.authorization.k8s.io
使用默认的clusterrole:view(Allows read-only access to see most objects in a namespace. It does not allow viewing roles or rolebindings. It does not allow viewing secrets, since those are escalating. )
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
拿token
kubectl describe secret -n kube-system `kubectl describe sa view -n kube-system | grep "Mountable secrets" | awk '{print $3}'` | grep -E ^token | awk '{print $2}'
登录dashboard即可
这篇关于基于RBAC实现dashboard只读——view权限的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!