This post records what I learned by following the YouTube channel "따배" below.
[Related theory]
[Precondition]
(1) Test environment
(1.1) Rocky Linux Cluster
: Built by hand
[root@k8s-master ~]# k get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master Ready control-plane 30d v1.27.2 192.168.56.30 <none> Rocky Linux 8.10 (Green Obsidian) 4.18.0-553.33.1.el8_10.x86_64 containerd://1.6.32
k8s-node1 Ready <none> 30d v1.27.2 192.168.56.31 <none> Rocky Linux 8.8 (Green Obsidian) 4.18.0-477.10.1.el8_8.x86_64 containerd://1.6.21
k8s-node2 Ready <none> 30d v1.27.2 192.168.56.32 <none> Rocky Linux 8.8 (Green Obsidian) 4.18.0-477.10.1.el8_8.x86_64 containerd://1.6.21
[root@k8s-master ~]#
(1.2) Ubuntu Cluster
: Uses the KodeKloud test environment
controlplane ~ ➜ kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
controlplane Ready control-plane 9m6s v1.31.0 192.6.94.6 <none> Ubuntu 22.04.4 LTS 5.4.0-1106-gcp containerd://1.6.26
node01 Ready <none> 8m31s v1.31.0 192.6.94.9 <none> Ubuntu 22.04.4 LTS 5.4.0-1106-gcp containerd://1.6.26
https://learn.kodekloud.com/user/courses/udemy-labs-certified-kubernetes-administrator-with-practice-tests
(2) Required prior setup
: Work through problem 25 (User Role Binding) to create ckauser and its context
[root@k8s-master ~]# k config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* ckauser kubernetes ckauser
k8s kubernetes kubernetes-admin
kubernetes-admin@kubernetes kubernetes kubernetes-admin
[root@k8s-master ~]# k config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.56.30:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: ckauser
  name: ckauser
current-context: ckauser
kind: Config
preferences: {}
users:
- name: ckauser
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
[root@k8s-master ~]#
[Question]
Create a new ClusterRole named app-clusterrole which only allows to get,watch,list
the following resource types: deployment, service.
- Bind the new ClusterRole app-clusterrole to the new user ckauser.
- User ckauser and ckauser clusters are already configured
- To check the results, run the following command:
kubectl config use-context ckauser
[Solve]
(1) Create the ClusterRole
kubectl create clusterrole app-clusterrole --verb=get,list,watch --resource=deployment,service
(2) Create the ClusterRoleBinding
kubectl create clusterrolebinding app-clusterrole-binding --clusterrole=app-clusterrole --user=ckauser
(3) Switch context
k config use-context ckauser
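A check for the result of steps (1) and (2), added here as an example and not part of the original post: it uses `kubectl auth can-i` with impersonation to confirm that ckauser can get/list/watch deployments and services and nothing more. The function names and the KUBECTL and RBAC_USER variables are assumptions of this example, as is the premise that no other binding grants ckauser access to secrets.

```shell
#!/bin/sh
# Added example: least-privilege check for app-clusterrole / ckauser.
# Run from an admin context (e.g. kubernetes-admin@kubernetes), because
# impersonating a user with --as itself requires the "impersonate" permission.
KUBECTL="${KUBECTL:-kubectl}"        # assumption: overridable so a stub can stand in
RBAC_USER="${RBAC_USER:-ckauser}"    # user named in the question

# can_i VERB RESOURCE -> prints "yes" or "no"
can_i() {
    # kubectl exits non-zero when the answer is "no"; ignore status, read stdout
    answer=$($KUBECTL auth can-i "$1" "$2" --as="$RBAC_USER" --all-namespaces 2>/dev/null) || true
    [ "$answer" = "yes" ] && echo yes || echo no
}

# expect WANT VERB RESOURCE -> returns 1 and reports on mismatch
expect() {
    got=$(can_i "$2" "$3")
    if [ "$got" != "$1" ]; then
        echo "MISMATCH: $RBAC_USER $2 $3 -> $got (expected $1)" >&2
        return 1
    fi
}

# Returns 0 only if the granted and the denied verbs both match the question.
verify_app_clusterrole() {
    rc=0
    for res in deployments services; do
        for verb in get list watch; do
            expect yes "$verb" "$res" || rc=1
        done
        # Write verbs must stay denied: the role is read-only.
        for verb in create update patch delete; do
            expect no "$verb" "$res" || rc=1
        done
    done
    # A resource outside the role must stay denied (assumes no other binding).
    expect no get secrets || rc=1
    return $rc
}

# After steps (1) and (2): verify_app_clusterrole && echo "app-clusterrole OK"
```

A MISMATCH line on a write verb or on secrets means ckauser holds more than the question allows, typically through an additional binding.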
[Summary of commands used]
kubectl create clusterrole app-clusterrole --verb=get,list,watch --resource=deployment,service
kubectl get clusterrole app-clusterrole
k describe clusterrole app-clusterrole
kubectl create clusterrolebinding app-clusterrole-binding --clusterrole=app-clusterrole --user=ckauser
k get clusterrolebindings.rbac.authorization.k8s.io app-clusterrole-binding
k describe clusterrolebindings.rbac.authorization.k8s.io app-clusterrole-binding
k config use-context ckauser
k config get-contexts