Differences

devops:kubernetes [2021/08/02 13:24] – [Добавление объекта] admindevops:kubernetes [2021/08/18 14:23] – [Скрипт] admin
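--- a/devops/kubernetes.txt
+++ b/devops/kubernetes.txt
@@ -352,17 +352,17 @@
 set -e
 
-KUB_CONTEXT='kub-apps-test
+KUB_CONTEXT='kubernetes-admin@kubernetes
-KUB_USERNAME='developer' 
+KUB_USERNAME='developer-ro
-KUB_USERGROUP='app-dev-full'
+KUB_USERGROUP='mcs-ro'
 #cluster or ns (namespace)
 #AUTH_SCOPE='cluster'
 AUTH_SCOPE='ns'
 # If AUTH_SCOPE = ns then we need namespace name
-KUB_NAMESPACE='app-dev
+KUB_NAMESPACE='default
-KUB_ROLE_NAME='app-dev-full'
+KUB_ROLE_NAME="${KUB_USERGROUP}-role"
 # Comma separated quoted - '"get", "list"'. For all use "*"
 KUB_ROLE_APIGROUPS='"*"'
 KUB_ROLE_RESOURCES='"*"'
-KUB_ROLE_VERBS='"*"'
+KUB_ROLE_VERBS='"get", "list"'
 
 echo "Switching to context '${KUB_CONTEXT}'..."
@@ -449,8 +449,8 @@
   name: ${KUB_USERGROUP}
   apiGroup: rbac.authorization.k8s.io
-roleRef:                              
+roleRef: 
- kind: ClusterRole                          
+ kind: ClusterRole
  name: ${KUB_ROLE_NAME}
- apiGroup: rbac.authorization.k8s.io 
+ apiGroup: rbac.authorization.k8s.io
 EOF
 fi
@@ -479,8 +479,8 @@
   name: ${KUB_USERGROUP}
   apiGroup: rbac.authorization.k8s.io
-roleRef:                              
+roleRef: 
- kind: Role                          
+ kind: Role
  name: ${KUB_ROLE_NAME}
- apiGroup: rbac.authorization.k8s.io 
+ apiGroup: rbac.authorization.k8s.io
 EOF
 fi
@@ -510,4 +510,6 @@
 current-context: ${KUB_USERNAME}-${CLUSTER_NAME}
 EOF
+
+kubectl delete certificatesigningrequests ${KUB_USERNAME}_csr
 </code>
 ===== Создание закрытого ключа пользователя и запроса сертификата =====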
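Review bot: The role this revision sets up as read-only still grants `get` and `list` on every resource in every API group, because `KUB_ROLE_RESOURCES='"*"'` and `KUB_ROLE_APIGROUPS='"*"'` stay unchanged next to the new `KUB_ROLE_VERBS='"get", "list"'`. That wildcard includes Secrets, so `developer-ro` can read every credential stored in the target namespace, which is now `default`. An explicit resource list, for example `KUB_ROLE_RESOURCES='"pods", "services", "configmaps", "deployments"'`, keeps the role read-only without exposing secret values. With `AUTH_SCOPE='cluster'` the same variables presumably feed the ClusterRole and would widen this to all namespaces; confirm against the role-creation part of the script, which lies outside the visible hunks.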