kubernetes 原始碼安裝1.18.3 (8)授權 apiserver 訪問 kubelet

默子昂發表於2020-12-10
原始碼APIServer

授權 apiserver 訪問 kubelet

cat > apiserver-to-kubelet-rbac.yaml<< EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
      - pods/log
    verbs:
      - "*"

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetes
EOF

部署

kubectl apply -f apiserver-to-kubelet-rbac.yaml

返回

clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet created
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver created

檢視是否建立

[root@k8s-master01 k8s]# kubectl get clusterrole,clusterrolebinding | grep system:kube-apiserver
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet                                       2020-12-10T06:39:24Z
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver                                  ClusterRole/system:kube-apiserver-to-kubelet


 

相關文章