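This is the process for creating a user in k8s, granting it specific permissions, and then binding them with a RoleBinding. Here is a standard procedure for creating the jenkins-admin user:
In short, there are three steps: ServiceAccount -> Role -> RoleBinding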
```yaml
# Step 1: the identity Jenkins runs as
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins-admin
  namespace: devops-tools
---
# Step 2: the permissions, scoped to the "default" namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: default
  labels:
    "app.kubernetes.io/name": 'jenkins'
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
# Step 3: bind the Role to the ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-role-binding
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins-admin
  # Must match the namespace the ServiceAccount was created in (devops-tools);
  # with "default" here the binding points at a ServiceAccount that does not exist.
  namespace: devops-tools
```
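An offline review check for the three-step chain, added here as an example (not part of the original post). `check_rbac` and `SENSITIVE` are hypothetical names, and `OBJECTS` is constructed sample input modeled on the manifest above, with the RoleBinding subject placed in a different namespace from the ServiceAccount to show that failure mode.

```python
# Added example: offline consistency check for ServiceAccount/Role/RoleBinding objects.
# OBJECTS is constructed sample input, written as Python dicts in the shape that
# `kubectl get -o json` returns. check_rbac is a hypothetical helper.
OBJECTS = [
    {"kind": "ServiceAccount",
     "metadata": {"name": "jenkins-admin", "namespace": "devops-tools"}},
    {"kind": "Role",
     "metadata": {"name": "jenkins", "namespace": "default"},
     "rules": [
         {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create", "get"]},
         {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
     ]},
    {"kind": "RoleBinding",
     "metadata": {"name": "jenkins-role-binding", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "jenkins"},
     "subjects": [{"kind": "ServiceAccount", "name": "jenkins-admin",
                   "namespace": "default"}]},
]

# Grants worth a second look in review (this reviewer's choice, not a Kubernetes list).
SENSITIVE = {("pods/exec", "create"), ("secrets", "get"), ("secrets", "list")}


def check_rbac(objects):
    """Return a list of findings for dangling references and sensitive grants."""
    def key(o):
        return (o["metadata"]["name"], o["metadata"].get("namespace", "default"))

    accounts = {key(o) for o in objects if o["kind"] == "ServiceAccount"}
    roles = {key(o): o for o in objects if o["kind"] == "Role"}
    findings = []
    for rb in (o for o in objects if o["kind"] == "RoleBinding"):
        name, ns = key(rb)
        # A RoleBinding can only reference a Role in its own namespace.
        role = roles.get((rb["roleRef"]["name"], ns))
        if rb["roleRef"]["kind"] == "Role" and role is None:
            findings.append(f"{name}: Role {rb['roleRef']['name']} not found in {ns}")
        for s in rb.get("subjects", []):
            if s["kind"] != "ServiceAccount":
                continue
            sa = (s["name"], s.get("namespace", ns))
            if sa not in accounts:
                findings.append(f"{name}: subject {sa[1]}/{sa[0]} is not a defined ServiceAccount")
            for rule in (role or {}).get("rules", []):
                for res in rule["resources"]:
                    for verb in rule["verbs"]:
                        if (res, verb) in SENSITIVE or "*" in (res, verb):
                            findings.append(f"{name}: {sa[1]}/{sa[0]} gets {verb} on {res} in {ns}")
    return findings
```

On a live cluster, `kubectl auth can-i get secrets -n default --as=system:serviceaccount:devops-tools:jenkins-admin` answers the same question for a single verb and resource.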
Reference: https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/rbac/