Q. Create a new ClusterRole named deployment-clusterrole, which only allows creating the following resource types: Deployment, StatefulSet, DaemonSet.
Create a new ServiceAccount named cicd-token in the existing namespace aps.
Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace aps.
1. Create the namespace
k create ns aps
k get ns aps
2. Create the ServiceAccount (see the Reference)
kubectl create serviceaccount cicd-token -n aps
k get sa -n aps
3. Create the ClusterRole (see RBAC)
A ClusterRole is cluster-scoped, so the namespace flag has no effect on it and is left out.
*Template*
kubectl create clusterrole deployment-clusterrole --verb=get,list,watch --resource=pods
kubectl create clusterrole deployment-clusterrole --verb=create --resource=Deployment,StatefulSet,DaemonSet
k get clusterrole deployment-clusterrole
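4. Bind the ClusterRole with a RoleBinding
The binding has to be limited to the namespace aps, so it is created as a RoleBinding in aps that references the ClusterRole. A ClusterRoleBinding is cluster-scoped: it ignores -n and would grant the create permission in every namespace.
*Template* (see post 27)
kubectl create rolebinding myapp-view-binding --clusterrole=view --serviceaccount=acme:myapp --namespace=acme
kubectl create rolebinding deployment-clusterolebinding --clusterrole=deployment-clusterrole --serviceaccount=aps:cicd-token -n aps
k get rolebindings -n aps deployment-clusterolebinding
k describe rolebindings -n aps deployment-clusterolebinding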
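The same three objects written as declarative manifests, added here as an example (it is not from the original post or from TTABAE-LEARN). It shows the API group the rule needs and how a namespaced RoleBinding references a cluster-scoped ClusterRole; the object names are the ones used on this page.

```yaml
# ServiceAccount used by the pipeline, in the namespace named in the question.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cicd-token
  namespace: aps
---
# Cluster-scoped role: there is no metadata.namespace. Only the "create" verb
# is granted, so the account cannot get, list, update or delete these objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deployment-clusterrole
rules:
  - apiGroups: ["apps"]   # Deployment, StatefulSet and DaemonSet are in apps/v1
    resources: ["deployments", "statefulsets", "daemonsets"]
    verbs: ["create"]
---
# Namespaced RoleBinding that references the ClusterRole: the rules apply only
# inside aps. A ClusterRoleBinding with the same roleRef and subject would
# grant "create" in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-clusterolebinding
  namespace: aps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: deployment-clusterrole
subjects:
  - kind: ServiceAccount
    name: cicd-token
    namespace: aps
```

Assuming no other binding grants the account access, `kubectl auth can-i create deployments --as=system:serviceaccount:aps:cicd-token -n aps` answers yes after these are applied, and the same check with `-n default` answers no.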
https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Using RBAC Authorization
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#-em-serviceaccount-em-
Kubectl Reference Docs
* This post is a summary of notes taken from "TTABAE-LEARN".