基于RBAC实现dashboard只读——view权限

本文主要是介绍基于RBAC实现dashboard只读——view权限，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

基于RBAC实现dashboard只读——view权限

只是简单利用默认的clusterrole - view实现了只读所有namespace下的对象(除去secret、role、rolebinding)，不支持读取集群信息，后期深入了解resource后再重新梳理role和rule

kind: ServiceAccount
apiVersion: v1
metadata: name: view namespace: kube-system ---kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:name: dashboard-dev-rolebinding
subjects:- kind: ServiceAccount name: viewnamespace: kube-system
roleRef:kind: ClusterRolename: view apiGroup: rbac.authorization.k8s.io 

使用默认的clusterrole：view(Allows read-only access to see most objects in a namespace. It does not allow viewing roles or rolebindings. It does not allow viewing secrets, since those are escalating. )

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

拿token

 kubectl describe secret -n kube-system `kubectl describe sa view  -n kube-system |  grep "Mountable secrets" | awk '{print $3}'`  | grep -E ^token | awk '{print $2}' 

登录dashboard即可

这篇关于基于RBAC实现dashboard只读——view权限的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---