
[따배쿠 CKA] 26.User Cluster Role binding

by mozi2 2022. 8. 17.

[k8s kw: RBAC]

 

*Role differences

: namespaced Role: its permissions are limited to a single namespace.

: ClusterRole: it has permissions across all namespaces.

 

1) Create a ClusterRole

2) Create a ClusterRoleBinding

Q. Cluster: kubectl config use-context k8s

Task:
- Create a new ClusterRole named app-clusterrole, which only allows to get, watch, list the following resource types: Deployment, Service
- Bind the new ClusterRole app-clusterrole to the new user ckauser.
- User ckauser and ckauser are already configured.
- To check the results, run the following command: kubectl config use-context ckauser 

 

1. Create the ClusterRole

*Template*
kubectl create clusterrole pod-reader --verb=get,list,watch --resource=pods

kubectl create clusterrole app-clusterrole --verb=get,list,watch --resource=deployment,service
kubectl get clusterrole app-clusterrole
kubectl describe clusterrole app-clusterrole

 

2. Create the role binding

[k8s: kubectl create clusterrolebinding]

*Template*
kubectl create clusterrolebinding root-cluster-admin-binding --clusterrole=cluster-admin --user=root

kubectl create clusterrolebinding app-clusterrolebinding --clusterrole=app-clusterrole --user=ckauser
kubectl describe clusterrolebinding app-clusterrolebinding

3. Connect as ckauser

 : Once ckauser is set up, it is enough that you can connect as that user.

kubectl config use-context ckauser

kubectl get deployment -A
kubectl get service -A 

kubectl config use-context kubernetes 
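A check that could follow step 3, as an added example that is not part of the original post: instead of switching contexts, it impersonates the user with `kubectl auth can-i --as` from an admin context and compares each answer with what the task allows. The function name `check_access` and the four "no" probes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the binding grants
# exactly the read-only access the task asks for, and nothing more.
# Run from an admin context; --as impersonates the user (needs impersonate rights).

# check_access USER: prints one line per probe, returns the number of mismatches.
check_access() {
  user=$1
  failures=0
  while read -r expected verb resource; do
    [ -n "$expected" ] || continue
    # can-i prints "yes"/"no" and exits non-zero on "no"; -A asks cluster-wide.
    actual=$(kubectl auth can-i "$verb" "$resource" --as "$user" -A \
      </dev/null 2>/dev/null) || true
    actual=${actual%% *}   # keep the first word if a reason is appended
    if [ "$actual" = "$expected" ]; then
      echo "ok    $verb $resource -> $actual"
    else
      echo "FAIL  $verb $resource -> ${actual:-error} (expected $expected)"
      failures=$((failures + 1))
    fi
  done <<EOF
yes get deployments
yes list deployments
yes watch deployments
yes get services
yes list services
yes watch services
no delete deployments
no create services
no get secrets
no list pods
EOF
  return "$failures"
}

# Stand-alone use: sh check-rbac.sh ckauser
if [ $# -gt 0 ]; then
  check_access "$1"
fi
```

A non-zero exit status is the number of probes whose answer differed from the expectation, so a "yes" on any of the last four lines shows the user holds more than app-clusterrole was meant to grant.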

 

 

https://kubernetes.io/docs/reference/access-authn-authz/rbac/

 


* This post is a summary of what I learned from "TTABAE-LEARN".
