1、创建 Servcie Accounts
2、创建一个 Cluster Role
3、修改Cluster Role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: devops-role
uid: 7d36b90b-2407-428b-b2d9-744964ae962f
resourceVersion: '1005840'
creationTimestamp: '2021-09-17T06:27:29Z'
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"creationTimestamp":"2021-09-17T06:27:29Z","name":"devops-role","selflink":"/apis/rbac.authorization.k8s.io/v1/clusterroles/devops-role","uid":"7d36b90b-2407-428b-b2d9-744964ae962f"},"rules":[{"apiGroups":[""],"resources":["pods","pods/exec","pods/log"],"verbs":["*"]},{"apiGroups":[""],"resources":["services"],"verbs":["list","get","watch"]}]}
selflink: /apis/rbac.authorization.k8s.io/v1/clusterroles/devops-role
# 添加的内容
rules:
- verbs:
- '*'
apiGroups:
- ''
resources:
- pods
- pods/exec
- pods/log
- verbs:
- list
- get
- watch
apiGroups:
- ''
resources:
- services
4、把 Service Account 用户绑定到 Cluster Role
