1. RBAC: permission management for different projects:
RBAC stands for Role-Based Access Control.
https://kubernetes.io/zh/docs/reference/access-authn-authz/rbac/ # Using RBAC authorization
https://kubernetes.io/zh/docs/reference/access-authn-authz/authorization/ # Authorization overview
https://kubernetes.github.io/ingress-nginx/deploy/rbac/ # RBAC in ingress
1.1: Create an account in the specified namespace:
# kubectl create serviceaccount magedu -n magedu
1.2: Create the Role rules:
# kubectl apply -f magedu-role.yaml
# cat magedu-role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: magedu
  name: magedu-role
rules:
- apiGroups: ["*"]
  resources: ["pods","pods/exec"]
  verbs: ["*"]
  ##RO-Role
  #verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "apps"]  # group names only; "apps/v1" is a group/version and never matches
  resources: ["deployments"]
  verbs: ["get",
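
The rule matching behind magedu-role, as an added example that is not part of the original notes and is not Kubernetes code: a simplified Python model of how a request's verb, API group and resource are compared against each rule, including why a group/version string such as "apps/v1" in apiGroups matches nothing. Assumptions: the deployments rule uses only "get" because the page's verb list is cut off, and the sample requests and the "apps" variant are constructed.

```python
# Simplified model of how RBAC Role rules are matched against a request.
# Not Kubernetes source; resourceNames and non-resource URLs are left out.

def _matches(allowed, value):
    """An RBAC list matches on an exact entry or on the "*" wildcard."""
    return "*" in allowed or value in allowed

def rule_allows(rule, verb, api_group, resource, subresource=""):
    """True if a single rule covers the request attributes."""
    # Subresources are addressed as "resource/subresource", e.g. "pods/exec".
    full = f"{resource}/{subresource}" if subresource else resource
    return (_matches(rule["verbs"], verb)
            and _matches(rule["apiGroups"], api_group)
            and _matches(rule["resources"], full))

def role_allows(rules, verb, api_group, resource, subresource=""):
    """RBAC is purely additive: any matching rule grants the request."""
    return any(rule_allows(r, verb, api_group, resource, subresource) for r in rules)

# Rule 1 of magedu-role as shown on the page.
PODS_RULE = {"apiGroups": ["*"], "resources": ["pods", "pods/exec"], "verbs": ["*"]}
# Read-only variant from the commented "RO-Role" line.
PODS_RULE_RO = {"apiGroups": ["*"], "resources": ["pods", "pods/exec"],
                "verbs": ["get", "watch", "list"]}
# Rule 2 with a group/version string; verbs assumed to be "get" only (list is cut off).
DEPLOY_RULE_GROUP_VERSION = {"apiGroups": ["extensions", "apps/v1"],
                             "resources": ["deployments"], "verbs": ["get"]}
# Same rule with the bare group name "apps" (constructed for comparison).
DEPLOY_RULE_GROUP = {"apiGroups": ["extensions", "apps"],
                     "resources": ["deployments"], "verbs": ["get"]}

def report():
    """Evaluate constructed sample requests against each rule set."""
    rw = [PODS_RULE, DEPLOY_RULE_GROUP_VERSION]
    ro = [PODS_RULE_RO, DEPLOY_RULE_GROUP]
    return {
        "rw: create pods/exec": role_allows(rw, "create", "", "pods", "exec"),
        "rw: delete pods": role_allows(rw, "delete", "", "pods"),
        "rw: get apps deployments": role_allows(rw, "get", "apps", "deployments"),
        "ro: create pods/exec": role_allows(ro, "create", "", "pods", "exec"),
        "ro: get pods/exec": role_allows(ro, "get", "", "pods", "exec"),
        "ro: get apps deployments": role_allows(ro, "get", "apps", "deployments"),
        "ro: get pods/log": role_allows(ro, "get", "", "pods", "log"),
    }

if __name__ == "__main__":
    for request, allowed in report().items():
        print(f"{request:26} -> {'allow' if allowed else 'deny'}")
```

The "rw" set denies reading deployments in the apps group even though a rule for them exists, while the read-only verb list still matches "get" on pods/exec, so each subresource needs to be reviewed on its own when narrowing verbs.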