[root@master-01 deploy]# git clone https://github.com/FairwindsOps/rbac-manager.git [root@master-01 deploy]# cd rbac-manager/deploy #我们先查看一下有哪些文件 [root@master-01 deploy]# ls 0_namespace.yaml 1_rbac.yaml 2_crd.yaml 3_deployment.yaml ##部署 [root@master-01 deploy]# kubectl apply -f ./ namespace/rbac-manager created serviceaccount/rbac-manager created clusterrole.rbac.authorization.k8s.io/rbac-manager created clusterrolebinding.rbac.authorization.k8s.io/rbac-manager created customresourcedefinition.apiextensions.k8s.io/rbacdefinitions.rbacmanager.reactiveops.io created deployment.apps/rbac-manager created [root@master-01 deploy]# kubectl -n rbac-manager get pod NAME READY STATUS RESTARTS AGE rbac-manager-664c9df47f-sjwwh 1/1 Running 0 48s
[root@master-01 deploy]# kubectl get rolebindings.rbac.authorization.k8s.io -n devops NAME ROLE AGE leader-locking-nfs-client-provisioner Role/leader-locking-nfs-client-provisioner 6d3h lishuai-access-jlishuai-view ClusterRole/view 13s [root@master-01 deploy]# kubectl get rolebindings.rbac.authorization.k8s.io -n test NAME ROLE AGE lishuai-access-jlishuai-edit ClusterRole/edit 21s
#查看带有team=test标签的名称空间 [root@master-01 deploy]# kubectl get ns -l=team=test NAME STATUS AGE devops Active 197d test Active 128d
[root@master-01 deploy]# kubectl get rolebindings.rbac.authorization.k8s.io -n devops NAME ROLE AGE leader-locking-nfs-client-provisioner Role/leader-locking-nfs-client-provisioner 6d3h lishuai-access-lishuai-edit ClusterRole/edit 23s [root@master-01 deploy]# kubectl get rolebindings.rbac.authorization.k8s.io -n test NAME ROLE AGE lishuai-access-lishuai-edit ClusterRole/edit 26s