k8s使用rbac实现多租户
### 制作租户访问证书 ### openssl genrsa -out ethan.key 2048 openssl req -new -key ethan.key -out ethan.csr -subj "/CN=ethan/O=test" openssl x509 -req -in ethan.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out ethan.crt -days 10000 ### 配置config文件 ### kubectl config set-credentials ethan --client-certificate=ethan.crt --client-key=ethan.key kubectl config set-context ethan-context --cluster=cluster.local --namespace=test --user=ethan ### 新建一条属于自己命令空间的Role ### cat > roleByNamespaces.yaml <<EOF kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: test #< namespace 需新建> name: myrole rules: - apiGroups: ["*"] resources: ["*"] verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] EOF ### 租户绑定命名空间以及Role ### kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ethan-test namespace: test subjects: - kind: User name: ethan apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: myrole apiGroup: rbac.authorization.k8s.io kubectl --context=ethan-context get po