我目前正在读RBAC,正在使用启用了本地Kubernetes集群的Docker For Desktop。
如果我运行kubectl auth can-i get pods
,默认情况下使用哪个用户,组或服务帐户?
是否像这样的电话:kubectl auth can-i get pods --as docker-for-desktop --as-group system:serviceaccounts
?kubectl config view
显示:
contexts:
- context:
cluster: docker-for-desktop-cluster
namespace: default
user: docker-for-desktop
name: docker-for-desktop
...
users:
- name: docker-for-desktop
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
但是只需调用
kubectl auth can-i get pods --as docker-for-desktop
即可返回NO。谢谢,
金
最佳答案
回答你的问题
If I run
kubectl auth can-i get pods
which user or group or serviceaccount is used by default?
正如您可以在Configure Service Accounts for Pods上阅读的那样:
When you (a human) access the cluster (for example, using
kubectl
), you are authenticated by the apiserver as a particular User Account (currently this is usuallyadmin
, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example,default
).
您可以使用
kubectl get serviceaccount
来查看集群中设置了哪些serviceaccounts
。尝试检查可用的上下文,然后切换到所需的上下文:
kubectl config get-contexts
kubectl config use-context docker-for-desktop
如果您遇到缺少
Role
的问题,请检查Referring to Resources以将其正确设置为docker-for-desktop
关于kubernetes - Kubernetes RBAC默认用户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55943448/