[英]Kubernetes RBAC default user
I'm reading myself currently into RBAC and am using Docker For Desktop with a local Kubernetes cluster enabled. 我现在正在读自己的RBAC并使用Docker For Desktop并启用了本地Kubernetes集群。
If I run kubectl auth can-i get pods
which user or group or serviceaccount is used by default? 如果我运行
kubectl auth can-i get pods
默认使用用户或组或serviceaccount的kubectl auth can-i get pods
?
Is it the same call like: 这是同一个电话:
kubectl auth can-i get pods --as docker-for-desktop --as-group system:serviceaccounts
? kubectl auth can-i get pods --as docker-for-desktop --as-group system:serviceaccounts
?
kubectl config view
shows: kubectl config view
显示:
contexts:
- context:
cluster: docker-for-desktop-cluster
namespace: default
user: docker-for-desktop
name: docker-for-desktop
...
users:
- name: docker-for-desktop
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
But simply calling kubectl auth can-i get pods --as docker-for-desktop
returns NO. 但只需调用
kubectl auth can-i get pods --as docker-for-desktop
返回NO。
Thanks, Kim 谢谢,金
To answer your question 回答你的问题
If I run
kubectl auth can-i get pods
which user or group or serviceaccount is used by default?如果我运行
kubectl auth can-i get pods
默认使用用户或组或serviceaccount的kubectl auth can-i get pods
?
As you can read on Configure Service Accounts for Pods : 正如您可以阅读配置Pod的服务帐户 :
When you (a human) access the cluster (for example, using
kubectl
), you are authenticated by the apiserver as a particular User Account (currently this is usuallyadmin
, unless your cluster administrator has customized your cluster).当您(人)访问群集时(例如,使用
kubectl
),您将由apiserver作为特定用户帐户进行身份验证(目前通常是admin
,除非您的群集管理员已自定义您的群集)。 Processes in containers inside pods can also contact the apiserver.pod中容器内的进程也可以联系apiserver。 When they do, they are authenticated as a particular Service Account (for example,
default
).当它们执行时,它们将作为特定服务帐户进行身份验证(例如,
default
)。
You can use kubectl get serviceaccount
to see what serviceaccounts
are setup in the cluster. 您可以使用
kubectl get serviceaccount
来查看在群集中设置的serviceaccounts
。 Try checking which contexts you have available and switching into a which ever you need: 尝试检查您可用的上下文并切换到您需要的内容:
kubectl config get-contexts
kubectl config use-context docker-for-desktop
If you are experiencing an issue with missing Role
please check Referring to Resources to set they correctly for docker-for-desktop
如果您遇到缺少
Role
的问题,请查看参考资源 ,为docker-for-desktop
正确设置它们
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.