提交 4b5b20be 编写于 作者: 孤思冥想's avatar 孤思冥想

kubernetes 集群创建查询用户

上级 d6897d88
#!/bin/bash
if [ $# -lt 5 ];then
echo "Usage: $0 {userName clusterName apiServerAddress caKeyPath caCrtPath}"
exit 1
fi
if [ ! -f $4 ]; then
echo "the ca key file doesn't exist"
exit 1
fi
if [ ! -f $5 ]; then
echo "the ca key file doesn't exist"
exit 1
fi
userName=$1
clusterName=$2
apiServer=$3
caKeyPath=$4
caCrtPath=$5
cat <<EOF > clusterRole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ${userName}-cluster-reader
rules:
- apiGroups:
- ""
resources:
- "*"
verbs:
- get
- list
- watch
EOF
cat <<EOF > userRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: ${userName}-read-all
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ${userName}-cluster-reader
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: ${userName}
EOF
kubectl apply -f clusterRole.yaml
kubectl apply -f userRoleBinding.yaml
openssl genrsa -out ${userName}.key 2048
openssl req -new -key ${userName}.key -out ${userName}.csr -subj "/O=K8s/CN=${userName}"
openssl x509 -req -in ${userName}.csr -CA ${caCrtPath} -CAkey ${caKeyPath} -CAcreateserial -out ${userName}.crt -days 365
kubectl config set-cluster ${clusterName} --server=${apiServer} --certificate-authority=${caCrtPath} --embed-certs=true --kubeconfig=./${userName}.conf
kubectl config set-credentials ${userName} --client-certificate=${userName}.crt --client-key=${userName}.key --embed-certs=true --kubeconfig=./${userName}.conf
kubectl config set-context ${userName}@${clusterName} --cluster=${clusterName} --user=${userName} --kubeconfig=./${userName}.conf
kubectl config use-context ${userName}@${clusterName} --kubeconfig=./${userName}.conf
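Review bot: Nothing in the script constrains the permissions of the key material it writes — `${userName}.key` from the `openssl genrsa` line and the kubeconfig that embeds it via `--embed-certs=true` on the set-credentials line — so the outcome depends on the tools' defaults and the caller's umask; put `umask 077` right after the shebang, together with `set -euo pipefail`, because without `-e` a failed `openssl x509` signing step still lets the four `kubectl config` lines run and emit a kubeconfig. The ClusterRole's `resources: - "*"` in the core API group (`apiGroups: - ""`) includes `secrets`, so this read-only user can list every Secret in the cluster; if that is not intended, enumerate the resources explicitly instead of `"*"`. Every expansion is unquoted (`[ ! -f $4 ]`, `-CA ${caCrtPath}`, `--kubeconfig=./${userName}.conf`, …), so a user name or path containing spaces or glob characters breaks the file tests and the openssl/kubectl argument lists; quote them, e.g. `[ ! -f "$4" ]`. Two smaller points: the binding uses `rbac.authorization.k8s.io/v1beta1` while the role uses `v1`, and the second existence check prints "the ca key file doesn't exist" although it tests the CA certificate path `$5`.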