Question 1. RBAC
[node]$ kubectl config use-context k8s
Create a clusterrole named deployment-clusterrole that allows only the create operation on deployments, daemonsets and statefulsets.
Create a serviceAccount named cicd-token in the namespace app-team1.
Limited to the namespace app-team1, bind the new clusterrole deployment-clusterrole to the new serviceAccount cicd-token.
Answer:
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulset,daemonset
kubectl create serviceaccount cicd-token -n app-team1
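kubectl create rolebinding cicd-token-binding --serviceaccount=app-team1:cicd-token --clusterrole=deployment-clusterrole -n app-team1
(The task does not name the rolebinding; cicd-token-binding is an arbitrary name chosen here. The subject must be passed with the --serviceaccount flag.)
Verify: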
kubectl describe clusterrole deployment-clusterrole
kubectl describe rolebinding -n app-team1
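The describe commands show the objects, not the effective permissions. The following added example (not part of the original answer) checks with kubectl auth can-i that the service account can only create the three workload kinds, and only in app-team1. The function names and the expected matrix are assumptions of this example, derived from the task text.

```shell
#!/bin/sh
# Added example: verify the least-privilege outcome of the RBAC task.
# Impersonation (--as) requires the caller to hold impersonate rights,
# which a cluster-admin context has.

SA="system:serviceaccount:app-team1:cicd-token"

# Columns: verb resource namespace expected-answer
EXPECTED_MATRIX="
create deployments  app-team1 yes
create statefulsets app-team1 yes
create daemonsets   app-team1 yes
delete deployments  app-team1 no
get    deployments  app-team1 no
create pods         app-team1 no
create deployments  default   no
"

# Ask the API server whether $SA may perform verb $1 on resource $2 in namespace $3.
can_i() {
    # kubectl exits non-zero when the answer is "no"; keep the text, drop the status.
    kubectl auth can-i "$1" "$2" --as="$SA" -n "$3" 2>/dev/null || true
}

# Print one line per check; the return status is the number of mismatches.
verify_cicd_rbac() {
    failures=0
    while read -r verb resource ns want; do
        [ -z "$verb" ] && continue
        got=$(can_i "$verb" "$resource" "$ns")
        if [ "$got" = "$want" ]; then
            echo "ok    $verb $resource in $ns -> $got"
        else
            echo "FAIL  $verb $resource in $ns -> got '$got', want '$want'"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED_MATRIX
EOF
    return "$failures"
}
```

Source the file and run verify_cicd_rbac; a "yes" for the default namespace row means a ClusterRoleBinding was created instead of a namespaced RoleBinding.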