cluster-admin 和 admin Kubernetes ClusterRoles 的区别
[英]Difference between cluster-admin and admin Kubernetes ClusterRoles
问题描述
两个集群角色在每个 Kubernetes 集群中都是默认的,但是拥有这两个角色的目的是什么/它们之间的具体区别是什么?
1 个解决方案
解决方案1
3 已采纳 2020-02-18 19:10:10
The cluster admin has every permission on every resource on the cluster because the rule is
集群管理员对集群上的每个资源都拥有所有权限,因为规则是
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
whereas for admin role the rules are such that it has almost all permission on almost all resources but its not wildcard access like cluster admin.When a new resource or a custom resource is introduced if you want to have permission for that resource to the admin you need to add that resource to the admin role's rule but for cluster admin it's not necessary because cluster admin has wildcard in the rules.而对于管理员角色,规则是它对几乎所有资源拥有几乎所有权限,但它不像集群管理员那样具有通配符访问权限。需要将该资源添加到管理员角色的规则中,但对于集群管理员来说,这不是必需的,因为集群管理员在规则中有通配符。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.