We are using the hyperkube apiserver and configuring it through a manifest file:
    "containers": [
      {
        "name": "apiserver",
        "image": "gcr.io/google_containers/hyperkube-amd64:v1.2.1",
        "command": [
          "/hyperkube",
          "apiserver",
          "--service-cluster-ip-range=192.168.0.0/23",
          "--service-node-port-range=9000-9999",
          "--bind-address=127.0.0.1",
          "--etcd-servers=http://127.0.0.1:4001",
          "--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota",
          "--client-ca-file=/srv/kubernetes/ca.crt",
          "--basic-auth-file=/srv/kubernetes/basic_auth.csv",
          "--min-request-timeout=300",
          "--tls-cert-file=/srv/kubernetes/server.cert",
          "--tls-private-key-file=/srv/kubernetes/server.key",
          "--token-auth-file=/srv/kubernetes/known_tokens.csv",
          "--allow-privileged=true",
          "--v=4"
        ],
        "volumeMounts": [
          {
            "name": "data",
            "mountPath": "/srv/kubernetes"
          }
        ]
      }
    ]
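I am trying to figure out how to set up a different set of tokens, other than the ones in /srv/kubernetes/known_tokens.csv, so that the users are "superuser" and "reader" instead of admin, kubelet and kube_proxy. How can I do this?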
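Answer 0 (score: 1)
Your manifest is using an exposed volume path, /srv/kubernetes, so you should be able to map it to another persistent volume (http://kubernetes.io/docs/user-guide/volumes/) and set up the new file there.
You can do this by specifying the volume: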
    "volumes": [
      {
        "name": "data",
        "hostPath": {
          "path": "/foo"
        }
      }
    ]
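
An added example (not part of the answer above) of preparing the replacement file in the host directory behind the `data` volume: it writes one `token,user,uid` row per user with a random token and owner-only permissions, then validates the result. The function names, the 32-byte token length and the use of the user name as the uid are choices made here.

```shell
#!/bin/sh
# Added example: build a static token file for the users named in the question.
# Row layout is token,user,uid, the CSV read by --token-auth-file.
# Usage: write_token_file /foo superuser reader   (/foo = hostPath from the answer)

# gen_token: print 32 random bytes as 64 hex characters (length is a choice here).
gen_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# write_token_file DIR USER...: create DIR/known_tokens.csv, one row per user.
write_token_file() {
    dir=$1; shift
    out="$dir/known_tokens.csv"
    tmp="$out.tmp.$$"
    old_umask=$(umask)
    umask 077                          # created 0600: the file holds bearer secrets
    : > "$tmp" || { umask "$old_umask"; return 1; }
    for user in "$@"; do
        case $user in                  # reject names that would break the CSV
            ''|*[!A-Za-z0-9_-]*)
                echo "bad user name: $user" >&2
                rm -f "$tmp"; umask "$old_umask"; return 1 ;;
        esac
        printf '%s,%s,%s\n' "$(gen_token)" "$user" "$user" >> "$tmp"
    done
    umask "$old_umask"
    mv "$tmp" "$out"                   # replace the old file in one step
    printf '%s\n' "$out"
}

# check_token_file FILE: every row is <64 hex>,<user>,<uid>; tokens are unique.
check_token_file() {
    awk -F, '
        BEGIN { bad = 0 }
        NF != 3 || length($1) != 64 || $1 !~ /^[0-9a-f]+$/ || $2 == "" || $3 == "" { bad = 1 }
        seen[$1]++ { bad = 1 }
        END { exit bad }
    ' "$1"
}
```

The apiserver reads `--token-auth-file` only at startup, so restart it after replacing the file. The file only establishes which user a token belongs to; what `reader` may do is decided by the apiserver's authorization settings.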