Kubernetes 如何在此values.yaml中设置RBAC?
在图表的文件values.yaml中,我必须使用以下部分激活RBAC:Kubernetes 如何在此values.yaml中设置RBAC?,kubernetes,rbac,open-policy-agent,Kubernetes,Rbac,Open Policy Agent,在图表的文件values.yaml中,我必须使用以下部分激活RBAC: # NOTE IF you use these, remember to update the RBAC rules below to allow # permissions to get, list, watch, patch and update configmaps enabled: false namespaces: [opa, kube-federation-scheduling-poli
# NOTE IF you use these, remember to update the RBAC rules below to allow
# permissions to get, list, watch, patch and update configmaps
enabled: false
namespaces: [opa, kube-federation-scheduling-policy]
requireLabel: true
replicate:
# NOTE IF you use these, remember to update the RBAC rules below to allow
# permissions to replicate these things
cluster: []
# - [group/]version/resource
namespace: []
# - [group/]version/resource
path: kubernetes
如上所述,我必须将动词:get、list、watch、patch和update添加到configmap中
不幸的是,我不知道如何使他们适合亚马尔
我不理解以下语法:
cluster: []
# - [group/]version/resource
namespace: []
# - [group/]version/resource
path: kubernetes
但是我想这些动词在某种程度上适合这里…我会在values.yaml文件中添加以下小节
rbac:
# If true, create & use RBAC resources
#
create: true
rules:
cluster:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- patch
- update
最好将所有RBAC规则放在一个模板中,并使用切换来呈现该模板,但也可以将规则放在values.yaml中并呈现它 示例: 在values.yaml中,提供如下部分:
rbac:
enabled: true
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
在模板(例如template/rbac.yaml)中,负责生成呈现的rbac清单:
{{- if .Values.rbac.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-reader
rules:
{{ toYaml .Values.rbac.rules | indent 2 }}
---
....
{{- end -}}
验证输出k8s清单:
$ helm install -f values.yaml . --dry-run --debug
当他们在下面写RBAC规则时,他们不是指直接在下面的规则。下面40行我找到了你找到的rbac部分。。。我完全受够了!谢谢