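I am 痴情小霸王, a blogger on 靠谱客. This article, which I collected during recent development work, mainly covers access control. I found it useful and am sharing it here as a reference.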

Overview

Identity and Access Management (IAM)

When you configure permissions for IBM Cloud Kubernetes Service in IAM, use the name containers-kubernetes for the API or CLI, and Kubernetes Service for the console.

What are policies?

Access control policies are high-level requirements that specify how access is managed and who may access information under what circumstances.

To whom can you assign policies?

You must define access policies for every user that works with IBM Cloud Kubernetes Service.

What resources can be granted policies?

Service access roles grant access to the Kubernetes API, dashboard, and CLI (kubectl).

A static token file can be used to ensure only authenticated users access the API server.

Assigning IBM Cloud IAM roles with the console

Grant users access to your IBM Cloud Kubernetes Service clusters by assigning IBM Cloud IAM platform access and service access roles with the IBM Cloud console.

Assign IBM Cloud IAM roles with the CLI

Grant users access to your IBM Cloud Kubernetes Service clusters by assigning IBM Cloud IAM platform access and service access roles with the CLI.

Understanding RBAC permissions

RBAC roles and cluster roles define a set of permissions for how users can interact with Kubernetes resources in your cluster.

  • Create a role, and apply it with a role binding. This option is useful for controlling access to a unique resource that exists only in one namespace, like an app deployment.
  • Create a cluster role, and apply it with a role binding. This option is useful for controlling access to general resources in one namespace, like pods.

Create a .yaml file to define the role or cluster role.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # No namespace field: cluster roles are not namespaced.
  name: my_clusterRole
rules:
- apiGroups: [""]   # "" is the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]   # read-only access

Create the role or cluster role in your cluster.

kubectl apply -f my_clusterrole.yaml

Verify that the role or cluster role is created.

kubectl get clusterroles

Bind users to the role or cluster role.

Create a .yaml file to bind users to your role or cluster role. Note the unique URL to use for each subject's name.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: my_clusterrole_binding
subjects:
- kind: User
  name: IAM#user1@example.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: my_clusterRole
  apiGroup: rbac.authorization.k8s.io

Create the cluster role binding resource in your cluster.

kubectl apply -f my_clusterrole_binding.yaml
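
The scope difference between the two kinds of binding, as an added example that is not part of the original article or of IBM's code: a simplified Python model of the RBAC decision, evaluated over the ClusterRole and ClusterRoleBinding above and a constructed RoleBinding in the default namespace. The name my_role_binding is an assumption, and the model covers only resource rules and User subjects (no groups, service accounts, resourceNames or non-resource URLs).

```python
# Simplified model of the Kubernetes RBAC decision (added example, resource rules only).
USER = "IAM#user1@example.com"
RBAC_GROUP = "rbac.authorization.k8s.io"
CLUSTER_ROLE = {  # the ClusterRole from this page
    "kind": "ClusterRole", "metadata": {"name": "my_clusterRole"},
    "rules": [{"apiGroups": [""], "resources": ["pods"],
               "verbs": ["get", "watch", "list"]}],
}
SUBJECTS = [{"kind": "User", "name": USER, "apiGroup": RBAC_GROUP}]
ROLE_REF = {"kind": "ClusterRole", "name": "my_clusterRole", "apiGroup": RBAC_GROUP}
# The binding from this page: applies in every namespace.
CLUSTER_BINDING = {"kind": "ClusterRoleBinding",
                   "metadata": {"name": "my_clusterrole_binding"},
                   "subjects": SUBJECTS, "roleRef": ROLE_REF}
# Constructed alternative (hypothetical name): same ClusterRole, one namespace only.
NS_BINDING = {"kind": "RoleBinding",
              "metadata": {"name": "my_role_binding", "namespace": "default"},
              "subjects": SUBJECTS, "roleRef": ROLE_REF}


def _match(allowed_values, value):
    """A rule field matches on an exact entry or the "*" wildcard."""
    return "*" in allowed_values or value in allowed_values


def rule_allows(rule, verb, api_group, resource):
    return (_match(rule["verbs"], verb)
            and _match(rule["apiGroups"], api_group)
            and _match(rule["resources"], resource))


def is_allowed(user, verb, resource, namespace, bindings, roles, api_group=""):
    """True if some binding grants `user` the verb; RBAC has no deny rules."""
    by_ref = {(r["kind"], r["metadata"]["name"]): r for r in roles}
    for b in bindings:
        if not any(s["kind"] == "User" and s["name"] == user for s in b["subjects"]):
            continue
        # A RoleBinding grants its role's rules only inside its own namespace.
        if b["kind"] == "RoleBinding" and b["metadata"]["namespace"] != namespace:
            continue
        role = by_ref.get((b["roleRef"]["kind"], b["roleRef"]["name"]))
        if role and any(rule_allows(r, verb, api_group, resource) for r in role["rules"]):
            return True
    return False


if __name__ == "__main__":
    for ns in ("default", "kube-system"):
        for b in (CLUSTER_BINDING, NS_BINDING):
            print(ns, b["kind"], is_allowed(USER, "list", "pods", ns, [b], [CLUSTER_ROLE]))
```

With the ClusterRoleBinding from this page the user can read pods in every namespace, kube-system included; binding the same cluster role with a RoleBinding keeps that read access inside one namespace.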
