How to create a user and a role (in this scenario, the goal can be creating a token)

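 Cluster environment:
1. k8s was installed from binaries
2. The operating system is Linux (CentOS)
3. The operating system version is 7.4/7.9
4. k8s application, node, and pod management is done through a combination of rancher, k8s tokens, and the master console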

Create the user
[root@vms61 ccadmin]# kubectl create serviceaccount ccadmin -n cc
# Create a serviceaccount; -n sets its namespace (cc in this command)

Create the role

Create a rolebinding that binds ccrole to ccadmin
[root@vms61 ccadmin]# kubectl create rolebinding cc-rolebinding --user=ccadmin --clusterrole=admin --serviceaccount=cc:ccadmin -n cc


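# Use a rolebinding to bind the clusterrole admin to the serviceaccount created above.
# Note: --user=ccadmin also adds a User subject named ccadmin to the binding; the serviceaccount itself only needs --serviceaccount=cc:ccadmin.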

[root@fp-web-157 sh_jenkins.sh]# kubectl get secret -n cc
NAME                  TYPE                                  DATA   AGE
ccadmin-token-jtpfw   kubernetes.io/service-account-token   3      40s
ccharborsecretkey     kubernetes.io/dockerconfigjson        1      3d
default-token-9cb2v   kubernetes.io/service-account-token   3      6d


// Get the token
[root@fp-web-157 sh_jenkins.sh]# kubectl describe secret ccadmin-token-jtpfw -n cc
Name:         ccadmin-token-jtpfw
Namespace:    cc
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=ccadmin
              kubernetes.io/service-account.uid=a34733ee-3df9-11ec-835a-061d22000bfb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     2053 bytes
namespace:  3 bytes
token:      <value omitted>
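
The token printed by `kubectl describe secret` above is a JWT, so its claims can be read offline to check which serviceaccount it authenticates as and whether it ever expires. The script below is an added example, not part of the original post: the function names are hypothetical and both sample tokens are constructed with a dummy signature. A token read from a serviceaccount Secret carries no `exp` claim; a constructed time-bound token is included for contrast.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read the claims of a
# service-account token offline. The sample tokens are constructed and
# carry a dummy signature; they are not valid credentials.

b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done   # restore stripped padding
  printf '%s' "$s" | base64 -d
}

# The JSON payload is the second dot-separated segment; emit one claim per line.
sa_token_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" | tr ',' '\n'; }

# Print the value of one string claim ($2) from token $1.
sa_token_claim() { sa_token_claims "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"; }

# Print the numeric exp claim, or nothing when the token never expires.
sa_token_expiry() { sa_token_claims "$1" | sed -n 's|.*"exp":\([0-9]*\).*|\1|p'; }

# One-line summary: who the token is, which Secret backs it, when it expires.
sa_token_report() {
  exp=$(sa_token_expiry "$1")
  printf 'subject=%s secret=%s expiry=%s\n' \
    "$(sa_token_claim "$1" sub)" \
    "$(sa_token_claim "$1" 'kubernetes.io/serviceaccount/secret.name')" \
    "${exp:-none}"
}

# Helper that assembles the constructed sample tokens (header.payload.dummy).
make_token() {
  printf '%s.%s.%s' "$(printf '%s' '{"alg":"RS256"}' | b64url_encode)" \
    "$(printf '%s' "$1" | b64url_encode)" "ZHVtbXk"
}

# Constructed: Secret-based token for the page's ccadmin account (no exp claim).
LEGACY=$(make_token '{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"cc","kubernetes.io/serviceaccount/secret.name":"ccadmin-token-jtpfw","kubernetes.io/serviceaccount/service-account.name":"ccadmin","sub":"system:serviceaccount:cc:ccadmin"}')
# Constructed: time-bound token with audience and expiry, for contrast.
BOUND=$(make_token '{"aud":["https://kubernetes.default.svc"],"exp":1700003600,"iat":1700000000,"iss":"https://kubernetes.default.svc","sub":"system:serviceaccount:cc:ccadmin"}')

sa_token_report "$LEGACY"
sa_token_report "$BOUND"
```

An `expiry=none` result means the token stays valid until its Secret or serviceaccount is deleted, so treat it like a long-lived password.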


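Notes:
1. role: grants access permissions within a specific namespace
2. clusterrole: grants access permissions across all namespaces

Role bindings
rolebinding: binds a role to a subject
clusterrolebinding: binds a cluster role to a subject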

 

posted @ 2022-01-24 16:05  jinzi