반응형
01. 특정 clusterRole과 serviceAccount를 생성하고 binding 한다.
[solve]
[root@k8s-master ~]# vi 37-test.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: deployment-clusterrole
namespace: app-team1
rules:
- apiGroups: [""]
resources: ["Deployment", "StatefulSet", "DaemonSet"]
verbs: ["create"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
kubernetes.io/enforce-mountable-secrets: "true"
name: ccid-token
namespace: app-team1
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: deployment-clusterrole-binding
namespace: app-team1
subjects:
- kind: ServiceAccount
name: ccid-token
roleRef:
kind: ClusterRole
name: deployment-clusterrole
[root@k8s-master ~]# kubectl apply -f 37-test.yaml
clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created
serviceaccount/ccid-token created
rolebinding.rbac.authorization.k8s.io/deployment-clusterrole-binding created
반응형
'Compute > kubernetis' 카테고리의 다른 글
| [CKA] 15. NetworkPolicy 생성 (0) | 2025.01.14 |
|---|---|
| [CKA] 14. daemonset 생성 (0) | 2025.01.14 |
| [CKA] 12. ingress 생성 | 특정 조건의 ingress 생성 (0) | 2025.01.14 |
| [CKA] 11. cluster upgrade | 노드 drain | cordon / uncordon (0) | 2025.01.14 |
| [CKA] 10. kubectl top 명령어 사용 문제 | --sort-by | -l 옵션 사용 (0) | 2025.01.14 |
