Open huxiangquan opened 1 year ago
A ROLE configuration that has been tested and works
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ktuser-cr
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/exec", "pods/portforward"]  # mainly pods/exec and pods/portforward
    verbs: ["create", "update", "patch", "get", "list", "delete"]
Bind it to a serviceAccount and generate a kubeconfig file; that is all that is needed.
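This file has full permissions on the cluster by default; with it, tools such as kubectl can take complete control of the cluster, which is extremely risky. Given that ktconnect only needs what its current functionality requires, should it consider creating a new user config for connecting to the cluster, or providing settings for binding a corresponding permission role?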
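
The binding and kubeconfig step described in this issue, as an added example that is not part of the original post or of the KtConnect project. The service account name `ktuser`, the binding name `ktuser-rb`, the 8-hour token lifetime and the choice of a namespaced RoleBinding are assumptions; only `ktuser-cr` comes from the issue.

```shell
#!/usr/bin/env bash
# Added example: issue a kubeconfig limited to the ktuser-cr ClusterRole.
# Assumed names (not from the issue): service account "ktuser", binding "ktuser-rb".
# Needs kubectl 1.24+ (for `kubectl create token`) and an admin context to run.

# Print a kubeconfig that authenticates with a bearer token only.
# Args: <api-server-url> <base64-ca-bundle> <token> <namespace>
render_kubeconfig() {
  cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: target
  cluster:
    server: $1
    certificate-authority-data: $2
users:
- name: ktuser
  user:
    token: $3
contexts:
- name: ktuser@target
  context:
    cluster: target
    user: ktuser
    namespace: $4
current-context: ktuser@target
EOF
}

# Create the account, bind ktuser-cr inside one namespace, write the kubeconfig.
# Args: <namespace> <output-file>   (subshell body keeps variables and umask local)
issue_ktuser_kubeconfig() (
  ns=$1 out=$2
  kubectl create serviceaccount ktuser -n "$ns" || exit 1
  # A RoleBinding (not a ClusterRoleBinding) confines the role's rules to $ns.
  kubectl create rolebinding ktuser-rb -n "$ns" \
    --clusterrole=ktuser-cr --serviceaccount="$ns:ktuser" || exit 1
  server=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[0].cluster.server}')
  ca=$(kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}')
  token=$(kubectl create token ktuser -n "$ns" --duration=8h) || exit 1
  umask 077   # the file holds a credential: owner-only permissions
  render_kubeconfig "$server" "$ca" "$token" "$ns" > "$out"
  # Check the result: the restricted identity must not be able to read secrets.
  [ "$(kubectl --kubeconfig "$out" auth can-i get secrets -n "$ns")" = "no" ]
)
```

Source the file and call `issue_ktuser_kubeconfig <namespace> <output-file>`; the function returns non-zero if the new identity can still read secrets in that namespace.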