一 创建账号

# Create the service account that the RBAC objects on this page bind to.
kubectl create serviceaccount dashboard-user --namespace kube-system

二 创建 RBAC 授权

vim dashboard-user.yaml

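---
# ClusterRole: cluster-wide get/watch/list for the dashboard-user service
# account (bound by the ClusterRoleBinding of the same name).
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has the
# same schema and is what the Role and RoleBinding on this page already use.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-role-dashboard-user
rules:
  - apiGroups: [""]
    resources:
      - namespaces
      - nodes
      - services
      - endpoints
      # NOTE(review): get/list/watch on secrets in a ClusterRole exposes every
      # Secret in every namespace, including service account tokens and
      # registry or TLS credentials. That makes this role more than "view
      # only"; drop this entry unless the dashboard user must read Secret
      # values, or grant it per namespace with a Role instead.
      - secrets
      - pods
      - configmaps
      - persistentvolumeclaims
      - events
      - replicationcontrollers
      - persistentvolumes
      - storageclasses
      - pods/log
      # NOTE(review): exec sessions opened over WebSocket reach the API server
      # as GET requests, so "get" on pods/exec can authorize command execution
      # in all namespaces on API server versions that do not also require
      # "create". The namespaced Role on this page suggests exec was meant for
      # hc360 only; confirm and remove this entry if so.
      - pods/exec
    verbs: ["get", "watch", "list"]
  - apiGroups: ["extensions", "apps"]
    resources:
      - daemonsets
      - deployments
      - replicasets
      - replicationcontrollers
      - statefulsets
    verbs: ["get", "watch", "list"]
  # NOTE(review): on current clusters Ingress is served from
  # networking.k8s.io, which this rule does not list; verify against the
  # cluster version in use.
  - apiGroups: ["batch", "extensions"]
    resources:
      - jobs
      - cronjobs
      - ingresses
    verbs: ["get", "watch", "list"]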


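---
# ClusterRoleBinding: grants ClusterRole cluster-role-dashboard-user to the
# dashboard-user service account in kube-system. Because this is a
# ClusterRoleBinding, every rule in that ClusterRole applies in all
# namespaces; use per-namespace RoleBindings to the same ClusterRole if the
# account should only see selected namespaces.
# v1beta1 of the RBAC API was removed in Kubernetes 1.22, so v1 is used here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-role-dashboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-role-dashboard-user
subjects:
  - kind: ServiceAccount
    name: dashboard-user
    namespace: kube-system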


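---
# Role: allows starting exec sessions in pods of namespace hc360 only.
# "create" on pods/exec means the holder can run arbitrary commands inside any
# pod in this namespace and therefore read whatever those containers can read
# (mounted Secrets, service account tokens, application data). Treat the
# dashboard-user token as an interactive-access credential, not a read-only
# one.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: hc360
  name: role-dashboard-user
rules:
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]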


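---
# RoleBinding: grants Role role-dashboard-user (pods/exec create) inside
# namespace hc360 to the dashboard-user service account. The subject lives in
# kube-system; a RoleBinding may reference a service account from another
# namespace, and the permissions still apply only in hc360.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: role-bind-dashboard-user
  namespace: hc360
subjects:
  - kind: ServiceAccount
    name: dashboard-user
    namespace: kube-system
roleRef:
  kind: Role
  name: role-dashboard-user
  apiGroup: rbac.authorization.k8s.io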
