首页 文章

将Jenkins的管理员用户添加到kubeadm kubernetes集群

提问于
浏览
1

我按照官方kubernetes指南使用kubeadm为单主多节点集群创建了一个Kubernetes集群:

Kubernetes cluster

我目前通过此命令将笔记本电脑连接到群集:

kubectl get nodes --username kubernetes-admin --kubeconfig ~/.kube/config

但是,我现在想要为Jenkins运行命令添加一个单独的用户(或相同的实际用户但名称不同) . 我只想要一个单独的用户名来进行访问/记录 .

如何在配置文件中轻松添加另一个"jenkins"用户名(可能带有自己的证书)? Kubeadm自动使用 --authorization-mode=Node (或者至少是我的)

背景信息:只有可能对我们的集群进行任何更改的人当前有/需要访问权限,因此我不需要仅授予用户访问某些名称空间等的权限 . 另外,请记住,每个环境都有一个集群:dev, UAT, 生产环境 等

1 回答

  • 1

    它适合使用Kubernetes serviceAccount 并指示您的Jenkins部署使用该帐户(具有绑定角色):

    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: jenkins
    ---
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: jenkins
    rules:
    - apiGroups: [""]
      resources: ["pods"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    - apiGroups: [""]
      resources: ["pods/exec"]
      verbs: ["create","delete","get","list","patch","update","watch"]
    - apiGroups: [""]
      resources: ["pods/log"]
      verbs: ["get","list","watch"]
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["get"]
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: jenkins
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: jenkins
    subjects:
    - kind: ServiceAccount
      name: jenkins
    
    
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      labels:
        app: jenkins
      name: jenkins
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: jenkins
      template:
        metadata:
          labels:
            app: jenkins
        spec:     
          serviceAccountName: jenkins
    

相关问题