创建用户脚本:
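#!/usr/bin/env bash
#
# Create a namespaced Kubernetes "user": a namespace, a ServiceAccount, a
# Role/RoleBinding granting that account rights inside the namespace, two
# kubeapps repository RoleBindings, and finally print and save the account's
# token.
#
# Usage:  create_user.sh <user-name> <namespace> [token-file]
#   $1 - service account name (must not contain '_')
#   $2 - namespace (must not contain '_')
#   $3 - optional path the token is written to (default: /tmp/token)
#
# Environment (optional): KUBEAPPS_NAMESPACE, KUBEAPPS_RELEASE_NAME
#   (both default to "kubeapps", as in the original script).
#
# Requires a kubectl context with rights to create namespaces and RBAC objects,
# and rolebindings in the kubeapps namespace.
set -euo pipefail

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Reject values that cannot be used as Kubernetes object names.
# Arguments: $1 - label used in the error message ("Name"/"Namespace")
#            $2 - value to check
# Returns:   0 if acceptable; exits 1 otherwise
#######################################
check_name() {
  local label=$1 value=$2
  if [[ -z "$value" ]]; then
    die "$label must not be empty"
  fi
  # '_' is invalid in DNS-1123 object names.  A pattern match replaces the
  # GNU-only 'expr index' used before, which also broke on empty input.
  if [[ "$value" == *_* ]]; then
    die "$label cannot contain '_', $value"
  fi
}

main() {
  (( $# >= 2 )) || die "usage: ${0##*/} <user-name> <namespace> [token-file]"
  local user=$1 ns=$2 token_file=${3:-/tmp/token}
  check_name "Name" "$user"
  check_name "Namespace" "$ns"

  # Reuse an existing namespace instead of aborting: the original script
  # ignored the error from 'kubectl create namespace' and carried on.
  kubectl get namespace "$ns" >/dev/null 2>&1 || kubectl create namespace "$ns"
  kubectl create serviceaccount "$user" -n "$ns"

  # The Role/RoleBinding manifest is piped straight into kubectl, so no
  # world-readable, predictably named temp file in /tmp is needed.
  # NOTE(review): the rule set is broad (secrets, roles with write verbs);
  # also, a namespaced Role cannot grant cluster-scoped resources, so the
  # 'nodes', 'namespaces' and 'clusterroles' entries appear to have no
  # effect.  Kept as in the original — confirm and prune before reuse.
  kubectl create -f - <<EOF
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ${user}
  namespace: ${ns}
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["replicasets", "daemonsets", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["configmaps", "persistentvolumeclaims", "secrets", "replicationcontrollers"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources: ["cronjobs", "jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["namespaces", "nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "clusterroles"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ${user}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ${user}
subjects:
  - kind: ServiceAccount
    name: ${user}
    namespace: ${ns}
EOF

  # kubeapps: allow the account to read and write app repositories.
  # The binding name joins user and namespace with '-'; since both may
  # themselves contain '-', two different (user, namespace) pairs could map
  # to the same name — TODO confirm whether that matters for this cluster.
  local kubeapps_ns=${KUBEAPPS_NAMESPACE:-kubeapps}
  local kubeapps_release=${KUBEAPPS_RELEASE_NAME:-kubeapps}
  local access
  for access in write read; do
    kubectl create -n "$kubeapps_ns" rolebinding \
      "${user}-${ns}-kubeapps-repositories-${access}" \
      --role="${kubeapps_release}-repositories-${access}" \
      --serviceaccount "${ns}:${user}"
  done

  # Obtain the ServiceAccount token.  Clusters that auto-create a token
  # Secret list it under .secrets (possibly with a short delay after the
  # account is created — TODO confirm); clusters that do not need
  # 'kubectl create token', which issues a time-limited token instead.
  local secret token
  secret=$(kubectl get serviceaccount "$user" -n "$ns" -o jsonpath='{.secrets[*].name}')
  secret=${secret%% *}
  if [[ -n "$secret" ]]; then
    token=$(kubectl get secret "$secret" -n "$ns" -o jsonpath='{.data.token}' | base64 --decode)
  else
    token=$(kubectl create token "$user" -n "$ns")
  fi

  # Print the token and save it.  The file is a credential, so it is created
  # with owner-only permissions; the default /tmp/token path is kept for
  # compatibility — pass $3 to store it somewhere private instead.
  printf '%s\n' "$token"
  rm -f -- "$token_file"
  ( umask 077; printf '%s\n' "$token" > "$token_file" )
}

main "$@"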
删除用户脚本:
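#!/usr/bin/env bash
#
# Remove a namespaced Kubernetes "user" made by the create-user script: the
# RoleBinding, Role and ServiceAccount in the user's namespace, plus the two
# kubeapps repository RoleBindings.  The namespace itself is left in place.
#
# Usage:  delete_user.sh <user-name> <namespace>
#   $1 - service account name (must not contain '_')
#   $2 - namespace (must not contain '_')
#
# Environment (optional): KUBEAPPS_NAMESPACE (default "kubeapps").
#
# Deletion is best effort, as in the original: every object is attempted
# even if an earlier delete fails, but the exit status is non-zero if any
# deletion failed so callers can notice leftovers.
set -uo pipefail

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Reject values that cannot be used as Kubernetes object names.
# Arguments: $1 - label used in the error message ("Name"/"Namespace")
#            $2 - value to check
# Returns:   0 if acceptable; exits 1 otherwise
#######################################
check_name() {
  local label=$1 value=$2
  if [[ -z "$value" ]]; then
    die "$label must not be empty"
  fi
  # '_' is invalid in DNS-1123 object names.  A pattern match replaces the
  # GNU-only 'expr index' used before, which also broke on empty input.
  if [[ "$value" == *_* ]]; then
    die "$label cannot contain '_', $value"
  fi
}

main() {
  (( $# >= 2 )) || die "usage: ${0##*/} <user-name> <namespace>"
  local user=$1 ns=$2
  check_name "Name" "$user"
  check_name "Namespace" "$ns"

  local rc=0 kind
  # Same order as the original: binding first, then the role, then the account.
  for kind in rolebinding role serviceaccount; do
    kubectl delete "$kind" "$user" -n "$ns" || rc=1
  done

  # kubeapps repository bindings live in the kubeapps namespace.
  local kubeapps_ns=${KUBEAPPS_NAMESPACE:-kubeapps}
  local access
  for access in write read; do
    kubectl delete -n "$kubeapps_ns" rolebinding \
      "${user}-${ns}-kubeapps-repositories-${access}" || rc=1
  done
  return "$rc"
}

main "$@"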