I. Main current use case
Adding a read-only user for JumpServer
II. Create a ServiceAccount (SA), then create and bind a ClusterRole
Create the SA (user)
vim sa-jump.yaml
-------------
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: jump
--------------
kubectl apply -f sa-jump.yaml
#[root@k8s-master rbac]# kubectl get sa
#NAME SECRETS AGE
#default 1 100d
#jump 1 24h
Create the ClusterRole
vim read-clusterrole.yaml
--------------
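apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-clusterrole
rules:
# "" is the core API group only. deployments, daemonsets and replicasets are served
# from "apps", jobs from "batch", rolebindings and clusterroles from
# "rbac.authorization.k8s.io". "crontabs" is not a built-in resource and matches only
# if a custom resource of that name exists and its API group is listed here as well.
- apiGroups: ["", "apps", "batch", "rbac.authorization.k8s.io"]
  resources: ["pods/exec", "services", "endpoints", "pods", "secrets", "configmaps", "crontabs", "deployments", "jobs", "nodes", "rolebindings", "clusterroles", "daemonsets", "replicasets",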