我正在尝试创建具有有限命名空间访问权限的用户。创建了名为 test 的命名空间,还创建了 Group:programmers, User:frontend。通过以下http://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/为用户生成凭据:前端
我创建了一个角色。这是我的角色.yml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test
name: frontend-developer
rules:
- apiGroups: ["","extensions","apps"]
resources: ["deployments","replicasets","pods"]
verbs: ["get","list","watch","create","patch"]`
我创建了角色绑定。这是角色绑定.yml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: frontend-deploy
namespace: test
subjects:
- kind: User
name: frontend
namespace: test
roleRef:
kind: Role
name: frontend-developer
apiGroup: rbac.authorization.k8s.io
我说我的部署文件为
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: nodefrontend
namespace: test
spec:
replicas: 3
template:
metadata:
labels:
app: bookstore
spec:
containers:
- name: nodeweb
image: balipalligayathri/devops-develop
ports:
- name: http
containerPort: 3000
protocol: TCP
我在创建角色和角色绑定时使用以下命令
$ kubectl create -f role.yml
$ kubectl create -f role-binding.yml
创建了前端开发人员角色和前端部署角色绑定。
同样,我正在使用该命令kubectl create -f node-deployment.yml进行部署创建。部署已成功创建和删除。在这里,我在创建部署时没有提及任何用户。所以,我正在尝试使用以下命令与用户一起创建部署。
kubectl create -f node-deployment.yml --as=frontend --context=frontend-context
我正面临这样的错误
Error from server (Forbidden):
<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fswagger-2.0.0.pb-v1%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>
Authentication requiredhttps://stackoverflow.com/questions/48164369/kubernetes- 1-8-dashboard-configurations-fails-with-error-no-kind-role-is-regi
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
which is implied by: hudson.security.Permission.GenericRead
which is implied by: hudson.model.Hudson.Administer </body></html>
我的疑问是:是否有必要在deployment.yml文件中提及用户?