For the specific exercises, refer to the notes.
Bookmarks that may be needed:
https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/
https://kubernetes.io/zh/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/
https://kubernetes.io/zh/docs/tasks/administer-cluster/configure-upgrade-etcd/#%E5%A4%87%E4%BB%BD-etcd-%E9%9B%86%E7%BE%A4
https://kubernetes.io/zh/docs/concepts/services-networking/network-policies/#networkpolicy-resource
https://kubernetes.io/zh/docs/concepts/services-networking/service/
https://kubernetes.io/zh/docs/concepts/services-networking/ingress/#the-ingress-resource
https://kubernetes.io/zh/docs/concepts/scheduling-eviction/assign-pod-node/
https://kubernetes.io/zh/docs/concepts/storage/persistent-volumes/
https://kubernetes.io/zh/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#%E5%88%9B%E5%BB%BA-persistentvolume
https://kubernetes.io/zh/docs/concepts/cluster-administration/logging/#sidecar-container-with-logging-agent
https://kubernetes.io/zh/docs/concepts/workloads/controllers/daemonset/
https://kubernetes.io/zh/docs/concepts/configuration/secret/#using-secrets-as-environment-variables
https://kubernetes.io/zh/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
https://kubernetes.io/zh/docs/tutorials/stateful-application/zookeeper/#%E5%AE%B9%E5%BF%8D%E8%8A%82%E7%82%B9%E6%95%85%E9%9A%9C
https://kubernetes.io/zh/docs/concepts/storage/volumes/#hostpath
The important thing is to work each question in the context that the question specifies.
# kubectl config current-context    # show the current context
kubernetes-admin@kubernetes
# kubectl config use-context kubernetes-admin@kubernetes    # switch to the specified context
Switched to context "kubernetes-admin@kubernetes".
[Question 1]
Topics tested: RBAC
role
sa
rolebinding
auth can-i
1. Create the service account
# kubectl create sa dev-sa -n default
serviceaccount/dev-sa created
2. Create the dev namespace
# kubectl create role sa-role -n dev --resource=deployment,statefulset,daemonset --verb=create
Error from server (NotFound): namespaces "dev" not found
So the dev namespace has to be created first.
# kubectl create ns dev
namespace/dev created
3. Create the role with the permissions the question requires
# kubectl create role sa-role -n dev \
> --resource=deployment,statefulset,daemonset --verb=create
role.rbac.authorization.k8s.io/sa-role created
# kubectl describe role sa-role -n dev
Name:         sa-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources          Non-Resource URLs  Resource Names  Verbs
  ---------          -----------------  --------------  -----
  daemonsets.apps    []                 []              [create]
  deployments.apps   []                 []              [create]
  statefulsets.apps  []                 []              [create]
4. Bind the new role to the dev-sa service account created in step 1
# kubectl create rolebinding sa-rolebinding -n dev \
--role=sa-role --serviceaccount=default:dev-sa
rolebinding.rbac.authorization.k8s.io/sa-rolebinding created
5. Verify the result; an answer of yes means it worked.
# kubectl auth can-i create deployment -n dev --as=system:serviceaccount:default:dev-sa
yes
# kubectl auth can-i create statefulset -n dev --as system:serviceaccount:default:dev-sa
yes
# kubectl auth can-i create daemonset -n dev --as system:serviceaccount:default:dev-sa
yes
# kubectl auth can-i create pod -n dev --as system:serviceaccount:default:dev-sa
no
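The following is an added example, not part of the original notes and not Kubernetes' own authorizer code: a simplified Python model of how the Role and RoleBinding from steps 1-4 are evaluated, showing that the grant applies only inside the dev namespace and only to the listed apps resources. The objects are constructed to mirror those commands; ClusterRoles, resourceNames and user or group subjects are deliberately left out.

```python
# Simplified RBAC model; objects are constructed to mirror steps 1-4 above.
ROLES = [{
    "kind": "Role",
    "metadata": {"name": "sa-role", "namespace": "dev"},
    "rules": [{"apiGroups": ["apps"],
               "resources": ["deployments", "statefulsets", "daemonsets"],
               "verbs": ["create"]}],
}]
BINDINGS = [{
    "kind": "RoleBinding",
    "metadata": {"name": "sa-rolebinding", "namespace": "dev"},
    "subjects": [{"kind": "ServiceAccount", "name": "dev-sa", "namespace": "default"}],
    "roleRef": {"kind": "Role", "name": "sa-role"},
}]

def parse_sa(user):
    """Split 'system:serviceaccount:<namespace>:<name>' into (namespace, name)."""
    parts = user.split(":")
    if len(parts) != 4 or parts[:2] != ["system", "serviceaccount"]:
        raise ValueError(f"not a service account user name: {user!r}")
    return parts[2], parts[3]

def can_i(user, verb, group, resource, namespace, roles=ROLES, bindings=BINDINGS):
    """True if a RoleBinding in `namespace` grants the request to `user`."""
    sa_ns, sa_name = parse_sa(user)
    for b in bindings:
        # A RoleBinding only grants access inside its own namespace.
        if b["metadata"]["namespace"] != namespace:
            continue
        # The subject may live in a different namespace than the binding.
        if not any(s["kind"] == "ServiceAccount" and s["name"] == sa_name
                   and s.get("namespace") == sa_ns for s in b["subjects"]):
            continue
        for r in roles:
            if (r["metadata"]["name"] != b["roleRef"]["name"]
                    or r["metadata"]["namespace"] != namespace):
                continue
            for rule in r["rules"]:
                if all("*" in rule[k] or v in rule[k] for k, v in
                       (("apiGroups", group), ("resources", resource), ("verbs", verb))):
                    return True
    return False  # RBAC is deny by default: no matching rule means "no"

if __name__ == "__main__":
    sa = "system:serviceaccount:default:dev-sa"
    for res, grp, ns in (("deployments", "apps", "dev"), ("pods", "", "dev"),
                         ("deployments", "apps", "default")):
        print(f"create {res} -n {ns}:", "yes" if can_i(sa, "create", grp, res, ns) else "no")
```

In this model the same service account gets "no" for deployments in the default namespace, because the RoleBinding exists only in dev.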