Kubernetes中的RBAC错误 [英] RBAC Error in Kubernetes
问题描述
我已经在工作场所中部署了kubernetes v1.8.我已经为管理员创建了角色,并在3个月前查看了对命名空间的访问.在初始阶段,RBAC按照赋予用户的访问权限进行工作.现在,RBAC并没有发生,每个有权访问集群的人都具有clusteradmin访问权限.
I have deployed kubernetes v1.8 in my workplace. I have created roles for admin and view access to namespaces 3months ago. In the initial phase RBAC is working as per the access given to the users. Now RBAC is not happening every who has access to the cluster is having clusteradmin access.
您能建议必须执行的错误/更改吗?
Can you suggest the errors/changes that had to be done?
推荐答案
确保仍在使用RBAC授权模式(--authorization-mode=…,RBAC
是apiserver参数的一部分)
Ensure the RBAC authorization mode is still being used (--authorization-mode=…,RBAC
is part of the apiserver arguments)
如果是,则检查是否有将所有管理员身份授予集群管理员角色的clusterrolebinding:
If it is, then check for a clusterrolebinding that is granting the cluster-admin role to all authenticated users:
kubectl get clusterrolebindings -o yaml | grep -C 20 system:authenticated
这篇关于Kubernetes中的RBAC错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!