Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revisionBoth sides next revision | ||
devops:kubernetes [2021/08/02 13:24] – [Добавление объекта] admin | devops:kubernetes [2021/08/18 14:23] – [Скрипт] admin | ||
---|---|---|---|
Line 352: | Line 352: | ||
set -e | set -e | ||
- | KUB_CONTEXT=' | + | KUB_CONTEXT=' |
- | KUB_USERNAME=' | + | KUB_USERNAME=' |
- | KUB_USERGROUP=' | + | KUB_USERGROUP=' |
#cluster or ns (namespace) | #cluster or ns (namespace) | ||
# | # | ||
AUTH_SCOPE=' | AUTH_SCOPE=' | ||
# If AUTH_SCOPE = ns then we need namespace name | # If AUTH_SCOPE = ns then we need namespace name | ||
- | KUB_NAMESPACE=' | + | KUB_NAMESPACE=' |
- | KUB_ROLE_NAME='app-dev-full' | + | KUB_ROLE_NAME=" |
# Comma separated quoted - '" | # Comma separated quoted - '" | ||
KUB_ROLE_APIGROUPS='" | KUB_ROLE_APIGROUPS='" | ||
KUB_ROLE_RESOURCES='" | KUB_ROLE_RESOURCES='" | ||
- | KUB_ROLE_VERBS='" | + | KUB_ROLE_VERBS='" |
echo " | echo " | ||
Line 449: | Line 449: | ||
name: ${KUB_USERGROUP} | name: ${KUB_USERGROUP} | ||
apiGroup: rbac.authorization.k8s.io | apiGroup: rbac.authorization.k8s.io | ||
- | roleRef: | + | roleRef: |
- | kind: ClusterRole | + | kind: ClusterRole |
name: ${KUB_ROLE_NAME} | name: ${KUB_ROLE_NAME} | ||
- | | + | |
EOF | EOF | ||
fi | fi | ||
Line 479: | Line 479: | ||
name: ${KUB_USERGROUP} | name: ${KUB_USERGROUP} | ||
apiGroup: rbac.authorization.k8s.io | apiGroup: rbac.authorization.k8s.io | ||
- | roleRef: | + | roleRef: |
- | kind: Role | + | kind: Role |
name: ${KUB_ROLE_NAME} | name: ${KUB_ROLE_NAME} | ||
- | | + | |
EOF | EOF | ||
fi | fi | ||
Line 510: | Line 510: | ||
current-context: | current-context: | ||
EOF | EOF | ||
+ | |||
+ | kubectl delete certificatesigningrequests ${KUB_USERNAME}_csr | ||
</ | </ | ||
===== Создание закрытого ключа пользователя и запроса сертификата ===== | ===== Создание закрытого ключа пользователя и запроса сертификата ===== |