我按照官方kubernetes指南,使用kubeadm为单主机多节点集群创建了Kubernetes集群:
我当前通过以下命令将笔记本电脑连接到群集:
kubectl get nodes --username kubernetes-admin --kubeconfig ~/.kube/config
但是,我现在想为Jenkins添加一个单独的用户(或相同的实际用户但名称不同)来运行命令。我只想要一个单独的用户名以进行访问/记录。
如何在配置文件中轻松添加另一个“詹金斯”用户名(可能带有其自己的证书)? Kubeadm自动使用--authorization-mode=Node(或至少是我的)
背景信息:当前只有/可能在我们的集群上进行任何更改的人才具有访问权限/需要访问权限,因此,我不需要仅授予用户访问某些命名空间的权限。此外,请记住,我们将在每个环境中拥有一个集群:开发人员,UAT,生产等。
答案 0 :(得分:1)
使用Kubernetes serviceAccount并指示您的Jenkins部署使用具有绑定角色的帐户是合适的:
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: jenkins
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- kind: ServiceAccount
name: jenkins
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: jenkins
name: jenkins
spec:
replicas: 1
selector:
matchLabels:
app: jenkins
template:
metadata:
labels:
app: jenkins
spec:
serviceAccountName: jenkins