--- apiVersion:v1 kind:Secret metadata: name:permission-manager namespace:permission-manager type:Opaque stringData: PORT:"4000"# port where server is exposed CLUSTER_NAME:"my-cluster"# name of the cluster to use in the generated kubeconfig file CONTROL_PLANE_ADDRESS:"https://apiserver.cluster.local:6443"# full address of the control plane to use in the generated kubeconfig file BASIC_AUTH_PASSWORD:"changeMe"# password used by basic auth (username is `admin`)
参数解释:
PORT
服务端口号
CLUSTER_NAME
要在生成的kubeconfig中使用的集群名称
CONTROL_PLANE_ADDRESS
在生成的kubeconfig文件中使用的控制平面的地址
BASIC_AUTH_PASSWORD
web页面密码默认登录账户为admin
部署crd以及预定义的一些权限
1 2 3 4 5 6 7 8 9 10 11 12 13
[root@master-01 permission-manager]# kubectl apply -f seeds/ customresourcedefinition.apiextensions.k8s.io/permissionmanagerusers.permissionmanager.user created clusterrole.rbac.authorization.k8s.io/template-namespaced-resources___operation created clusterrole.rbac.authorization.k8s.io/template-namespaced-resources___developer created clusterrole.rbac.authorization.k8s.io/template-cluster-resources___read-only created clusterrole.rbac.authorization.k8s.io/template-cluster-resources___admin created #会创建admin,read-only,developer三个权限供web页面使用 [root@master-01 permission-manager]# kubectl get clusterrole|grep ^template template-cluster-resources___admin 2021-08-06T02:55:10Z template-cluster-resources___read-only 2021-08-06T02:55:10Z template-namespaced-resources___developer 2021-08-06T02:55:10Z template-namespaced-resources___operation 2021-08-06T02:55:10Z
部署deployment
1 2 3 4 5 6 7 8 9 10
[root@master-01 permission-manager]# kubectl apply -f deploy.yml service/permission-manager created deployment.apps/permission-manager created serviceaccount/permission-manager created clusterrole.rbac.authorization.k8s.io/permission-manager created clusterrolebinding.rbac.authorization.k8s.io/permission-manager created [root@master-01 ingress-route]# kubectl get pod -n permission-manager NAME READY STATUS RESTARTS AGE permission-manager-bdddff74b-4pv67 1/1 Running 0 5m9s