如何检查 kubernetes 集群中现有的用户和组?
[英]How to check existing users and groups in kubernetes cluster?
问题描述
We can check the service accounts in Kubernetes Cluster.
我们可以在 Kubernetes 集群中查看服务账户。 Likewise, Is it possible to check the existing users and groups of my Kubernetes cluster with Cluster Admin privileges.同样,是否可以使用集群管理员权限检查我的 Kubernetes 集群的现有用户和组。 If yes then how ?如果是,那么如何? If no then why ?如果没有,那为什么?
NOTE: I am using EKS注意:我正在使用 EKS
1 个解决方案
解决方案1
1
Posting this as a community wiki, feel free to edit and expand.将此作为社区 wiki 发布,请随意编辑和扩展。
This won't answer everything, however there are some concepts and ideas.这不会回答所有问题,但是有一些概念和想法。
In short words there's no easy way.简而言之,没有简单的方法。 It's not possible to do using kubernetes itself.使用 kubernetes 本身是不可能的。 Reason for this is:这样做的原因是:
All Kubernetes clusters have two categories of users: service accounts managed by Kubernetes, and normal users.
It is assumed that a cluster-independent service manages normal users in the following ways:
- an administrator distributing private keys
- a user store like Keystone or Google Accounts
- a file with a list of usernames and passwords
In this regard, Kubernetes does not have objects which represent normal user accounts.
More details and examples from another answer on SO 来自另一个关于 SO 的答案的更多细节和示例
As for EKS part which is mentioned, it should be done using AWS IAM in connection to kubernetes RBAC.至于提到的EKS部分,应该使用AWS IAM结合kubernetes RBAC来完成。 Below articles about setting up IAM roles in kubernetes cluster.下面有关在 kubernetes 集群中设置 IAM 角色的文章。 Same way it will be possible to find which role has cluster admin permissions:同样可以找到哪个角色具有cluster admin权限:
- Managing users or IAM roles for your cluster 管理集群的用户或 IAM 角色
- provide access to other IAM users and roles 提供对其他 IAM 用户和角色的访问权限
If another tool is used for identity managing, it should be used (eg LDAP)如果使用其他工具进行身份管理,则应使用它(例如 LDAP)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.