相关概念
普通用户-仅访问指定空间
编写yaml:
# 账户
apiVersion: v1
kind: ServiceAccount
metadata:
name: mynameistest
namespace: test
# 角色权限
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mynameistest-role
namespace: test
rules:
- apiGroups:
- apps
- ''
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
- services
- pods
- pods/log
- pods/exec
- namespaces
verbs:
- list
- get
- create
# 角色-用户绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: test-rolebinging
namespace: test
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mynameistest-role
subjects:
- kind: ServiceAccount
name: mynameistest
namespace: test
创建
kubectl apply -f xx.yaml
命令行下获取token
echo $(kubectl -n test get secret $(kubectl -n test get secret | grep myn | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
#如果是从面板获取的token 需要手动base64解码
浏览器登录
可能需要指定空间名称
https://xxx.com/#/workloads?namespace=test
#namespace=test 指定空间名称,否则可能会跳到默认空间,导致什么都看不到