堆栈内存溢出
  简体   繁体   English

如何登录到Azure Kubernetes集群?

[英]How To login to azure kubernetes cluster?

 原文  2019-06-10 04:18:26       kubernetes/ azure-aks

问题描述

How can we login to a AKS cluster created , by using service account? 我们如何使用服务帐户登录创建的AKS集群? We are asked to execute kubectl create clusterrolebinding add-on-cluster-admin ......... but we are not aware how to use this and login to the created cluster in Azure 我们被要求执行kubectl create clusterrolebinding add-on-cluster-admin .........但是我们不知道如何使用它并登录到Azure中创建的群集

2 个解决方案

解决方案1
 2  2019-06-10 04:51:47

you can use this quick start tutorial: https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough#connect-to-the-cluster 您可以使用此快速入门教程: https : //docs.microsoft.com/zh-cn/azure/aks/kubernetes-walkthrough#connect-to-the-cluster

basically you need to install kubectl: 基本上,您需要安装kubectl: 

az aks install-cli

and pull credentials for AKS: 并提取AKS的凭据: 

az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

解决方案2
 1 已采纳  2019-06-14 10:42:14

As per ducemtaion: 根据教育:

User accounts vs service accounts Kubernetes distinguishes between the concept of a user account and a service account for a number of reasons: User accounts are for humans. 用户帐户与服务帐户Kubernetes区分用户帐户和服务帐户的概念有很多原因: 用户帐户是针对人类的。 Service accounts are for processes, which run in pods . 服务帐户用于在pod中运行的流程 User accounts are intended to be global. 用户帐户旨在成为全球帐户。 Names must be unique across all namespaces of a cluster, future user resource will not be namespaced. 名称在群集的所有命名空间中必须唯一,将来的用户资源将不会被命名。 Service accounts are namespaced. 服务帐户已命名空间。 Typically, a cluster's User accounts might be synced from a corporate database, where new user account creation requires special privileges and is tied to complex business processes. 通常,群集的用户帐户可能是从公司数据库同步的,在该公司数据库中,新用户帐户的创建需要特殊的特权,并且与复杂的业务流程相关联。 Service account creation is intended to be more lightweight, allowing cluster users to create service accounts for specific tasks (ie principle of least privilege) . 服务帐户的创建旨在更加轻巧,从而允许集群用户为特定任务(即最小特权原则)创建服务帐户 Auditing considerations for humans and service accounts may differ. 人员和服务帐户的审核注意事项可能有所不同。 A config bundle for a complex system may include definition of various service accounts for components of that system. 复杂系统的配置包可能包括该系统组件的各种服务帐户的定义。 Because service accounts can be created ad-hoc and have namespaced names, such config is portable. 因为可以临时创建服务帐户并使用命名空间名称,所以这种配置是可移植的。

As an example: 举个例子: 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "watch", "list"]

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-secrets-global
subjects:
- kind: User
  name: manager
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: secret-reader
  apiGroup: rbac.authorization.k8s.io

you can find other helpful information here , in official kubernetes documentation , and Azure Kubernetes Service AKS 您可以在此处官方kubernetes文档和Azure Kubernetes Service AKS中找到其他有用的信息

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将Vagrant Kubernetes集群连接到Azure DevOps - How to connect a Vagrant Kubernetes cluster to Azure DevOps 如何在Azure集群上打开Kubernetes仪表板? - How to open kubernetes dashboard on azure cluster? 如何在现有的 Azure Kubernetes 集群中创建命名空间 - How to create namespace in existing azure Kubernetes cluster 如何在Azure门户中找到kubernetes集群的名称? - How to find --name of kubernetes cluster in Azure portal? 为 Azure 群集配置 Kubernetes - Configure Kubernetes for an Azure cluster 如何在Azure门户中监视Azure Kubernetes群集资源状态? - How to monitor the Azure Kubernetes Cluster resource status in Azure Portal? 如何以 root 用户身份登录 Azure Kubernetes pod - How to login as root user to Azure Kubernetes pod 在Azure上规划Kubernetes-Cluster - Planning Kubernetes-Cluster on Azure azure kubernetes集群的垂直扩展 - Vertical scaling of azure kubernetes cluster 在Azure中创建Kubernetes集群失败 - Creating a Kubernetes cluster in Azure fails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM