堆栈内存溢出
  简体   繁体   English

Azure Kubernetes - 用于命名空间隔离的 RBAC 角色

[英]Azure Kubernetes - RBAC role for namespace isolation

 原文  2021-10-26 07:45:34       azure/ kubernetes/ azure-aks/ rbac

问题描述

i would like to know if is possible to isolate namespace on Azure Kubernetes service.我想知道是否可以在 Azure Kubernetes 服务上隔离命名空间。 Now if i give rbac role to my colleague they can see all namespace, i would like to segregate namespace for department, eg data can see only data namespace, dev can see only den namespace etc..现在,如果我给我的同事 rbac 角色,他们可以看到所有命名空间,我想为部门隔离命名空间,例如数据只能看到数据命名空间,开发人员只能看到 den 命名空间等。

is it possible?是否可以?

Thanks谢谢

1 个解决方案

解决方案1
 2  2021-10-26 08:09:53

yes, You have to Enable AKS-managed Azure Active Directory , Role-based access control (RBAC) & Azure RBAC for Kubernetes Authorization .是的,您必须为 Kubernetes 授权启用AKS-managed Azure Active DirectoryRole-based access control (RBAC)Azure RBAC There are 2 options:有2个选项:

az aks create -g myResourceGroup -n myManagedCluster --enable-aad --enable-azure-rbac

1st Option:第一个选项:

---
apiVersion: v1
kind: Namespace
metadata:
  name: data
  labels:
    kubernetes.io/metadata.name: data
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: data-view-access
  namespace: data
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: Group
  namespace: data
  name: <GROUP_OBJECT_ID>

2nd Option is to use Azure Custom Roles as explained here .第二个选项是讲解了使用Azure的自定义角色在这里

NOTE: All users must be member of Azure Kubernetes Service Cluster User Role in order the execute az aks get-credentials注意:所有用户必须是Azure Kubernetes Service Cluster User Role的成员才能执行az aks get-credentials

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Azure上的Kubernetes上启用RBAC - Enabling RBAC on Kubernetes on Azure 划分所有者Azure的RBAC角色 - Divide Owner RBAC Role of Azure 使用Azure RBAC的角色管理 - Role Management using Azure RBAC 为什么“Azure Kube.netes Service RBAC Reader”角色允许部署写入 - Why does 'Azure Kubernetes Service RBAC Reader' role allow deployments write Azure RBAC 是添加剂还是允许的最少角色获胜? - Are Azure RBAC additive or the least permissible role wins? 如何在 Azure 中创建自定义 RBAC/ABAC 角色? - How to create custom RBAC/ABAC role in Azure? 如何在Azure kubernetes服务中实现RBAC功能? - How to achieve the RBAC functionality in Azure kubernetes service? 在Azure Kubernetes服务中禁用Azure Active Directory RBAC - Disabling Azure Active Directory RBAC in Azure Kubernetes Service 使用RBAC角色“虚拟机用户登录”的Azure VM登录 - Azure VM Login using RBAC Role 'Virtual Machine User Login' 可以为 ACR 存储库执行 Azure RBAC 角色分配吗? - Possible to do Azure RBAC Role Assignment for ACR Repository?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM