首页 > 其他分享 >探究Kubectl默认使用的Role和Rolebinding,以及如何通过认证和授权的

探究Kubectl默认使用的Role和Rolebinding,以及如何通过认证和授权的

时间:2022-11-14 21:14:50浏览次数:52  
标签:Kubectl kubernetes 证书 admin Rolebinding cluster Role io rbac

默认情况下,我们能很方便地通过kubectl访问集群内的资源。但是你有没有想过,它在访问集群过程中,是如何通过认证和授权过程的,以及在默认开启了RABC时,它使用了什么样的角色和角色绑定呢?

首先,我们查看下~/.kube/config文件,找到默认使用的用户

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMvakNDQWVhZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1Ea3lOakE1TXpFd01sb1hEVE15TURreU16QTVNekV3TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGVLCmxmeEVvTFFJZ1JxSkd1VzhYMUJibG5HQXphM3d3V2EzdkFreGhpemZaV0dvTyt4M05KemlnQXZTZEpONDdwcEQKZm10bXdrTWhKOUNIRGY0TTRRd1FmdzFWUmRIOVlXYmZzQVlpN0xsOXZOM04yVDlyZVFBelZpMnRaQlU2aTVjeQpkbnhKQXlFTnRocmoxdHN6MGh5OVVXTm1URUpRZVZ6aW55T0t1UFVEcGlzQjRscy9jbEdKT1JsVG5LY3RFU0FiCkk5RGpFbno4a3diUDVIMXdsWUxMUEc5KzBLMGlYSmRzcUR1SVlKQjhaem9WRHQ0SHI3SVovdm5KZkhFVU8yNVYKbHhUaHF2WDlRRklRM3dNSVk1LzR0aWVFdVFMbjV4UDFyOGtpQzdENkJhVUVqMTZ5eThlaXkwTmErVnVBcHlmdApHUE85MldNbStZQU16Y3k1NGcwQ0F3RUFBYU5aTUZjd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZBVVVHQlF0alJtQzZTRnBmN256VnNyaVdLeFdNQlVHQTFVZEVRUU8KTUF5Q0NtdDFZbVZ5Ym1WMFpYTXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSnRPOWFMeVRrQ0dKVWhkcUFmaQp3RnNleXloUk8zVzJjVlF3OGZqRnU1blRvZnpDV2JlSHYwY20xUUxXb3hDTmJwY3JNUHVBUWNteEV5cVpHZld6CndQSm5aVGRVa1NTZEtvd2V5Y2ZaTU1FQnZwYkgyTkVNbGVEeDluN0FzZ3hoZTQ2ZUxoZlVwZ1YwOUMyRThFMVoKNS9tTVIrb3lraXQ3N0UyTGRjREN4cnBxUEZ6LzdtMVA4WXJrR1g1YVVYUDV0aFZ3UmlaaUZEV0Zuc1YrTWJGdAo1VDJnWmgrMm03ek14aTUvd2ZJYkZWQlFsOGZwbERtWE05c1FRUWE0RkZwTERkWUpXTGo5OFN5dXFGaGV1ZXdTCkd2WkdKQXBxSjV1VmVmajJ5STRYa014Rktqak81cjk1YXh3Ti9uTnZmbi9wOFYwc0YwK25PbkdoZkV5ZjVYNmIKUXZzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://192.168.0.41:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJRThicjZjNExiVDR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBNU1qWXdPVE14TURKYUZ3MHlNekE1TWpZd09UTXhNRFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTVqT00rU3ZiYVdYeDdENTgKSnRyQ25FSmlzc1c0a1h4MC83NWVKb0dxRGpRUmpVQlBsdDIwYkFNK0lqR3BzNlV2c3RXSWFuZ20rc1Vnb3d4awpZVVhpNTNHZktld242QVR5QWY5RnVKQ2p1TS9MbnhIdmYveEp1UlYrVk9Zbk4vaEUrT25MZU0xeC9LTExCeEFHCllZMllpS0pHQk1hcGtlYUhWZ1ZpZmt1RXd2SjJhMkpnWDhpWmNFcWc2Q2xqWTBGWEpoek5keUVkdmc1STY4VWwKQzI5ZW5OUzNnaEtOODYzeHNDeVF0T1BrTGZ1WW95TXUzT2lFcHY2RnNiUkR4NUh5M2M0cHFGVGR4MmQ0SWRhQQo2NjIxZ1lqbms2elZqbFJpd21QQUNVQ0QrbCs1QlFWU2lwa0dQZi9CUUV2L0dtR2FiS0NTRU5zdWF6VGlERnM4CkUxZVpWd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRRkZCZ1VMWTBaZ3VraGFYKzU4MWJLNGxpcwpWakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZ1lHRHJNM01oaEg4RmR1UWxwc2JtTnFBNy83eGQwekpOd1lxCjdUaU4wd3dOMGwxOEEvR1NkYWd0Sm1vNUVqdVdaajQ5RGc1WStvWHlUK3QyZE1GQzB3NURXTVJlbGMzV0Z1ODQKdXZxa3RjRHUzcFoxNWtBTjlNS1Q0ZStPaXJkNVkwZDdobllNNkxyUUxMOUw3ZnRrb0xCRUZkZTl5dHAwbUFlVgpoT1Rvc2ZWUkxLNmtJNkpjdkFMM0tmRGdZNEJDbFZiM3NBdFZnVkhuQ3R0MFBBbk9hU0dveTg4K1JmVk9LdlR3CitSTjNFaTA2NFhzZy9waThJa2NYcVZOT1BWUDRyQWlkWjNDNStpSnNIZEszVkJDaVJZV3FqLzk0RkRuMm03N00KN0xRK0RUSmNvMzZEajh6S1lWS25WOUVGNjRPbHJmOFVkMFFPSjlMYmc0QkJISEFjWmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNWpPTStTdmJhV1h4N0Q1OEp0ckNuRUppc3NXNGtYeDAvNzVlSm9HcURqUVJqVUJQCmx0MjBiQU0rSWpHcHM2VXZzdFdJYW5nbStzVWdvd3hrWVVYaTUzR2ZLZXduNkFUeUFmOUZ1SkNqdU0vTG54SHYKZi94SnVSVitWT1luTi9oRStPbkxlTTF4L0tMTEJ4QUdZWTJZaUtKR0JNYXBrZWFIVmdWaWZrdUV3dkoyYTJKZwpYOGlaY0VxZzZDbGpZMEZYSmh6TmR5RWR2ZzVJNjhVbEMyOWVuTlMzZ2hLTjg2M3hzQ3lRdE9Qa0xmdVlveU11CjNPaUVwdjZGc2JSRHg1SHkzYzRwcUZUZHgyZDRJZGFBNjYyMWdZam5rNnpWamxSaXdtUEFDVUNEK2wrNUJRVlMKaXBrR1BmL0JRRXYvR21HYWJLQ1NFTnN1YXpUaURGczhFMWVaVndJREFRQUJBb0lCQUFkbHZLLzlJczNlUXNudQpzQnFuaVAxd2ZLOTEveHBkdjN6QVoxSWhkSStFU05RYkx2T1FLRTRZUkpUZ3Q2MVlMNUkxbm02ZGNkTTVKblZXCjNwcnBuZ01GK2JGbEwxc2JYWk9HMm55MTJTMEZNR3ZxTGFJVlAyRTlPWlFNMlZISkhwNUpGUXJLdjFENUFrRTEKMko2bDZETHIxQWd2UWgrNElyMDI2eFZYNCtwSHhMMXQ5NS9QUkc5cXRFcE9CeDRXcVByRDRXbTcrQ0hQS3BaSwpSdGtjaEFyYlhrTDlkMng3RllWazhLNUZadFljUDhKd2swT1ZSTFdLaG9sMTIxQzJEOE5lbDFBby9vQXBhSURBCkgrLzB4d3U5eitLZTN6RDJlTGJEajREaWhqVGVBUm5XNDNUZGhPT0YxLzE0L3o1bUlsTE80bXJFY21GS2RzWEEKRDZ6bUZpRUNnWUVBNmNBR0dFM2hobXE3SWdOTHR5MGRKV3BpQ3hFR0xIV1RYOFdtcndNNWg0UXZRNFBDWnpRbAo5blJuVGJRQ2RHWXRCUkpRMzJQT0J0TVpTc040ZDhrTTBPN29JK0hmNGxzOFYySkVJTkQ3MCtudGhPY0hpWk5PCmtjTWtvSFk3bVJvN3Q1UVlBSmRsMkxmbVNOUmc1VHM2MExidEhDOGhQOGJOSmxVWlpVQXJpTzhDZ1lFQS9CME4KWWxwOFVTME12RWVJS3AzNmZlWHRUanlia1FsYkE3YnBGSjRMNGxzV205SVpabk5mM2dCaytxYXN5Z2tTcWhkMwphK1gwU1hXbzdaOHNZdVpJeUVyKyt2eWlYVUhncDJvcGdsK25EL2JOd1cvR1loL0dLTnErK0NLeVhtM1ozQVU2CmVSOFZ5bk1NS0lVVkVxYlRFWTZuNHBpdjB6TzlpNDJWVENINFpoa0NnWUVBcDZ4eDhzOHkvbnZqUHBQRXBXSTgKTFJHeHdLUjJuRCsrOW8xT2N1NUtQemFIdk5Od0NSMzBPV1Rva1dtVjlTOHlEaGhFWU9vejZOdFdvald6WGFHZgppdVJGS3pBa3JEZXNBamJnRGZZN0hwa0lJelNpU0lLZGNwdmIweXJjdDRlRTNMdmp0OURpWXVJUDA2QmMzVEp1Cmp6Y1l3UVhod09EM1dnN2pSNmtQVVlzQ2dZRUE5SGREYkRTcnlaY3llenV0dVExNVFTMThmOW5iUzdkVHJ2VmwKYkIyWkRvUWZGemVTYzdxNm9pMmx2VHR6MzNFT3pTcDJIWVZjN1FLUHJPTWxDajJkSThNOUhxbHMwNXMydVlBRApBaTI0ZEkxd2xQcksxb2xUQUhpa3B6NFYwZVVaVlBVbzd4d0thRVpJNnQycFFtM0x5NEdXSCs3SXg3YXJQTEFzCnJpZGVrN2tDZ1lCUm9vUWZqMHZ1SDEzeDRxeDU5SjdhQTQrV1dIeldVRzIyU3lrdlJ4MzdOdkhXNlpHZXUxbzEKWWhFQ0JzMk9meVpESVpsKzIwRHQrUUJSYTlNclJhUm5nV0tlelI2WkUrR3ZxZm5mcFR6RTM0UFIrUDN5RnN6QQp2b21ISWIxQm5UVElhR0xsV3pnaDU5WjVsMngrQkhKeVRZZ2dZWTlOTGVIaUNVUjhtdWR6bkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

然而证书都被编码了,我们需要对它进行解码

$ echo "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJRThicjZjNExiVDR3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TWpBNU1qWXdPVE14TURKYUZ3MHlNekE1TWpZd09UTXhNRFJhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTVqT00rU3ZiYVdYeDdENTgKSnRyQ25FSmlzc1c0a1h4MC83NWVKb0dxRGpRUmpVQlBsdDIwYkFNK0lqR3BzNlV2c3RXSWFuZ20rc1Vnb3d4awpZVVhpNTNHZktld242QVR5QWY5RnVKQ2p1TS9MbnhIdmYveEp1UlYrVk9Zbk4vaEUrT25MZU0xeC9LTExCeEFHCllZMllpS0pHQk1hcGtlYUhWZ1ZpZmt1RXd2SjJhMkpnWDhpWmNFcWc2Q2xqWTBGWEpoek5keUVkdmc1STY4VWwKQzI5ZW5OUzNnaEtOODYzeHNDeVF0T1BrTGZ1WW95TXUzT2lFcHY2RnNiUkR4NUh5M2M0cHFGVGR4MmQ0SWRhQQo2NjIxZ1lqbms2elZqbFJpd21QQUNVQ0QrbCs1QlFWU2lwa0dQZi9CUUV2L0dtR2FiS0NTRU5zdWF6VGlERnM4CkUxZVpWd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRRkZCZ1VMWTBaZ3VraGFYKzU4MWJLNGxpcwpWakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZ1lHRHJNM01oaEg4RmR1UWxwc2JtTnFBNy83eGQwekpOd1lxCjdUaU4wd3dOMGwxOEEvR1NkYWd0Sm1vNUVqdVdaajQ5RGc1WStvWHlUK3QyZE1GQzB3NURXTVJlbGMzV0Z1ODQKdXZxa3RjRHUzcFoxNWtBTjlNS1Q0ZStPaXJkNVkwZDdobllNNkxyUUxMOUw3ZnRrb0xCRUZkZTl5dHAwbUFlVgpoT1Rvc2ZWUkxLNmtJNkpjdkFMM0tmRGdZNEJDbFZiM3NBdFZnVkhuQ3R0MFBBbk9hU0dveTg4K1JmVk9LdlR3CitSTjNFaTA2NFhzZy9waThJa2NYcVZOT1BWUDRyQWlkWjNDNStpSnNIZEszVkJDaVJZV3FqLzk0RkRuMm03N00KN0xRK0RUSmNvMzZEajh6S1lWS25WOUVGNjRPbHJmOFVkMFFPSjlMYmc0QkJISEFjWmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg" \
|base64  --decode >default.crt 

解码后,查看其Subject

$ openssl x509  -text -noout -in default.crt 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1425085721526103358 (0x13c6ebe9ce0b6d3e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Sep 26 09:31:02 2022 GMT
            Not After : Sep 26 09:31:04 2023 GMT
        Subject: O=system:masters, CN=kubernetes-admin
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e6:33:8c:f9:2b:db:69:65:f1:ec:3e:7c:26:da:
                    c2:9c:42:62:b2:c5:b8:91:7c:74:ff:be:5e:26:81:
                    aa:0e:34:11:8d:40:4f:96:dd:b4:6c:03:3e:22:31:
                    a9:b3:a5:2f:b2:d5:88:6a:78:26:fa:c5:20:a3:0c:
                    64:61:45:e2:e7:71:9f:29:ec:27:e8:04:f2:01:ff:
                    45:b8:90:a3:b8:cf:cb:9f:11:ef:7f:fc:49:b9:15:
                    7e:54:e6:27:37:f8:44:f8:e9:cb:78:cd:71:fc:a2:
                    cb:07:10:06:61:8d:98:88:a2:46:04:c6:a9:91:e6:
                    87:56:05:62:7e:4b:84:c2:f2:76:6b:62:60:5f:c8:
                    99:70:4a:a0:e8:29:63:63:41:57:26:1c:cd:77:21:
                    1d:be:0e:48:eb:c5:25:0b:6f:5e:9c:d4:b7:82:12:
                    8d:f3:ad:f1:b0:2c:90:b4:e3:e4:2d:fb:98:a3:23:
                    2e:dc:e8:84:a6:fe:85:b1:b4:43:c7:91:f2:dd:ce:
                    29:a8:54:dd:c7:67:78:21:d6:80:eb:ad:b5:81:88:
                    e7:93:ac:d5:8e:54:62:c2:63:c0:09:40:83:fa:5f:
                    b9:05:05:52:8a:99:06:3d:ff:c1:40:4b:ff:1a:61:
                    9a:6c:a0:92:10:db:2e:6b:34:e2:0c:5b:3c:13:57:
                    99:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:05:14:18:14:2D:8D:19:82:E9:21:69:7F:B9:F3:56:CA:E2:58:AC:56

    Signature Algorithm: sha256WithRSAEncryption
         81:81:83:ac:cd:cc:86:11:fc:15:db:90:96:9b:1b:98:da:80:
         ef:fe:f1:77:4c:c9:37:06:2a:ed:38:8d:d3:0c:0d:d2:5d:7c:
         03:f1:92:75:a8:2d:26:6a:39:12:3b:96:66:3e:3d:0e:0e:58:
         fa:85:f2:4f:eb:76:74:c1:42:d3:0e:43:58:c4:5e:95:cd:d6:
         16:ef:38:ba:fa:a4:b5:c0:ee:de:96:75:e6:40:0d:f4:c2:93:
         e1:ef:8e:8a:b7:79:63:47:7b:86:76:0c:e8:ba:d0:2c:bf:4b:
         ed:fb:64:a0:b0:44:15:d7:bd:ca:da:74:98:07:95:84:e4:e8:
         b1:f5:51:2c:ae:a4:23:a2:5c:bc:02:f7:29:f0:e0:63:80:42:
         95:56:f7:b0:0b:55:81:51:e7:0a:db:74:3c:09:ce:69:21:a8:
         cb:cf:3e:45:f5:4e:2a:f4:f0:f9:13:77:12:2d:3a:e1:7b:20:
         fe:98:bc:22:47:17:a9:53:4e:3d:53:f8:ac:08:9d:67:70:b9:
         fa:22:6c:1d:d2:b7:54:10:a2:45:85:aa:8f:ff:78:14:39:f6:
         9b:be:cc:ec:b4:3e:0d:32:5c:a3:7e:83:8f:cc:ca:61:52:a7:
         57:d1:05:eb:83:a5:ad:ff:14:77:44:0e:27:d2:db:83:80:41:
         1c:70:1c:66

即: Subject: O=system:masters, CN=kubernetes-admin,表示用户为kubernetes-admin,所属的组为system:masters。

而我们知道,用户持有证书(被Kubernetes集群CA证书签名的有效证书)访问kubernetes时,证书中Subject(主题)里的信息被当作用户名参与认证过程,如"/CN=kubernetes-admin",服务端在接收到证书后通过私钥解密证书,获得客户端证书公钥,并用该公钥认证证书的信息,确认客户端是否合法。

这里使用的证书是kubernetes自动生成的,然而我们还可以创建自己的证书,学习创建和使用证书访问kubernetes:https://www.cnblogs.com/cosmos-wong/p/16890364.html

 

而我们知道,在clusterrolebinding cluster-admin中绑定了组"system:masters"

$ kubectl get clusterrolebinding cluster-admin -oyaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2022-09-26T09:31:13Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "135"
  uid: 0f68aa16-5090-4086-b200-fec2e468dcc5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:masters

而角色cluster-admin,能够操作集群中的任何资源,包括资源类型和非资源类型

$ kubectl get clusterrole cluster-admin -oyaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  creationTimestamp: "2022-09-26T09:31:13Z"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
  resourceVersion: "73"
  uid: 24cf144c-6d0c-4e77-9ff2-a736b5e6c4c5
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

因此,尽管默认情况下,我们没有做任何配置,kubectl也能够访问集群中的所有资源,就是它已经帮我们做了认证和授权。

 

标签:Kubectl,kubernetes,证书,admin,Rolebinding,cluster,Role,io,rbac
From: https://www.cnblogs.com/cosmos-wong/p/16890391.html

相关文章

  • kubectl
    一、kubectl概述kubectl是Kubernetes集群的命令行工具,通过kubectl能够对集群本身进行管理,并能够在集群上进行容器化应用的安装部署。Kubectl的配置文件在$HOME/.kube......
  • kubectl基本命令
    1、kubectl基本命令1.kubernetes集群管理集群资源的唯一入口是通过相应的方法调用apiserver的接口2. kubectl是官方的CLI命令行工具,用于与apiserver进行通信,将用户在命......
  • Kubernetes集群管理工具kubectl简介
     概述kubectl是Kubernetes集群的命令行工具,通过kubectl能够对集群本身进行管理,并能够在集群上进行容器化应用的安装和部署 命令格式kubectl[command][type][na......
  • kubernetes之kubectl与YAML详解1
      k8s集群的日志,带有组件的信息,多看日志。 kubectl命令汇总kubectl命令汇总kubectl命令帮助信息[root@mcwk8s04~]#kubectl-hkubectlcontrolstheKuberne......
  • Unreal NetMode&NetRole 解析
    Version:Unreal4.26问题为啥UE编辑器会有EPlayNetMode有三种让你选择。为啥描述World的ENetMode会有4种,而不只是(Client/Server2种)。为何Actor会有Role的概念......
  • kubectl 详细介绍
    kubectlkubectl是Kubernetes的命令行工具(CLI),是Kubernetes用户和管理员必备的管理工具。kubectl提供了大量的子命令,方便管理Kubernetes集群中的各种功能。这里不......
  • k8s结合jumpserver做kubectl权限控制 用户在多个namespaces的访问权限 rbac权限控制
    k8s结合jumpserver做kubectl权限控制用户在多个namespaces的访问权限rbac权限控制 https://www.cnblogs.com/fanfanfanlichun/p/14989454.html  其实这个文章就......
  • 006kubectl实用参数总结
    一、打印先前退出容器#-p,--previous=false:Iftrue,printthelogsforthepreviousinstanceofthecontainerinapodifitexists.#-p参数应用场景为-->......
  • kubectl explain --recursive
    Addthe--recursiveflagtodisplayallofthefieldsatoncewithoutdescriptions.InformationabouteachfieldisretrievedfromtheserverinOpenAPIforma......
  • kubectl -o go-template
    关于golang的text/templatehttp://docs.studygolang.com/pkg/text/template/ $cat<<EOF|kubectlapply-f-apiVersion:v1kind:Podmetadata:name:nginxs......