  • Granting a regular user access to root's kubectl command on a Linux system

    ###

    1. Create a regular user and set its password

    [root@jira ~]# useradd alphaReadLog
    [root@jira ~]# passwd alphaReadLog
    Changing password for user test.
    New password: 
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password: 
    passwd: all authentication tokens updated successfully.

    2. Copy the admin.conf file to the regular user

    [alphaReadLog@iZ2ze2uuh7sdomb9ij4gxeZ ~]$ mkdir -p /home/alphaReadLog/.kube/config/
    
    [root@iZ2ze2uuh7sdomb9ij4gxeZ ~]# cp /etc/kubernetes/admin.conf  /home/alphaReadLog/.kube/config/
    
    [root@iZ2ze2uuh7sdomb9ij4gxeZ ~]# chown alphaReadLog.alphaReadLog /home/alphaReadLog/.kube/config/admin.conf 
    
    [alphaReadLog@iZ2ze2uuh7sdomb9ij4gxeZ ~]$ cat /home/alphaReadLog/.bashrc 
    # .bashrc
    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi
    # Uncomment the following line if you don't like systemctl's auto-paging feature:
    # export SYSTEMD_PAGER=
    export KUBECONFIG=/home/alphaReadLog/.kube/config/admin.conf
    source <(kubectl completion bash)
    # User specific aliases and functions

    [alphaReadLog@iZ2ze2uuh7sdomb9ij4gxeZ ~]$ source /home/alphaReadLog/.bashrc

    3. Authorize the alphaReadLog user to run the kubectl command (*** this step is optional)

    [root@jira ~]# cat /etc/sudoers
    # ****
    ## Allow root to run any commands anywhere 
    root    ALL=(ALL)     ALL
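    # (Grant root privileges to the regular user alphaReadLog)
    # First ALL: the rule applies on any host; localhost would restrict it to the local machine.
    # Second (ALL): the command may be run as any user.
    # Third ALL: all commands may be used.
    # NOPASSWD: the command runs without a password prompt.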
    alphaReadLog ALL=(ALL) NOPASSWD:/usr/bin/kubectl
    
    ## Allows members of the 'sys' group to run networking, software, 
    ## service management apps and more.
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
    
    ## Allows people in group wheel to run all commands
    %wheel    ALL=(ALL)    ALL
    
    ## Same thing without a password
    # %wheel    ALL=(ALL)    NOPASSWD: ALL
    
    # ****

    4. Test as the regular user

    # Running the command before access is granted (admin.conf from step 2 not yet copied)
    [alphaReadLog@iZ2ze2uuh7sdomb9ij4gxeZ ~]$ kubectl get pod
    The connection to the server localhost:8080 was refused - did you specify the right host or port?
    
    # After access is granted (this time step 3 was skipped and step 2 was done)
    [alphaReadLog@iZ2ze2uuh7sdomb9ij4gxeZ ~]$ kubectl get pod
    NAME                                     READY   STATUS    RESTARTS   AGE
    alpha-abilitytest-6849db6b7c-frrt7       1/1     Running   0          127d
    alpha-recruitment-548f7957d7-6glsm       1/1     Running   0          9d

    ###
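
The admin.conf copied in step 2 is kubeadm's cluster administrator credential, so whoever can read the copy holds the same cluster access as root. The check below is an added example, not part of the original post: the function name `audit_kubeconfig` and the sample file are made up for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# audit_kubeconfig FILE [UID]  (hypothetical helper, GNU stat assumed)
# Prints one line per finding; the exit status is the number of findings.
audit_kubeconfig() {
    file=$1
    want_uid=${2:-$(id -u)}   # numeric owner the file should have
    findings=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # Any group/other bit lets other local accounts read the credentials.
    mode=$(stat -c %a "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE: $file is $mode, expected 600"
        findings=$((findings + 1))
    fi

    owner=$(stat -c %u "$file")
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: $file belongs to uid $owner, expected $want_uid"
        findings=$((findings + 1))
    fi

    # kubeadm names the administrator identity "kubernetes-admin".
    if grep -Eq '^[[:space:]-]*(name|user):[[:space:]]*kubernetes-admin[[:space:]]*$' "$file"; then
        echo "IDENTITY: $file carries the kubeadm administrator user"
        findings=$((findings + 1))
    fi

    # An embedded key stays usable until its certificate expires.
    if grep -q 'client-key-data:' "$file"; then
        echo "KEY: $file embeds a client private key"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample shaped like a kubeadm admin.conf (placeholder secrets).
demo=$(mktemp -d)
cat > "$demo/admin.conf" <<'EOF'
users:
- name: kubernetes-admin
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
EOF
chmod 644 "$demo/admin.conf"
audit_kubeconfig "$demo/admin.conf" || echo "findings: $?"
rm -rf "$demo"
```

Run as root against the copy from step 2, the call would be `audit_kubeconfig /home/alphaReadLog/.kube/config/admin.conf "$(id -u alphaReadLog)"`. The IDENTITY and KEY findings are expected for that file, since it is the administrator kubeconfig itself.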

  • Original article: https://www.cnblogs.com/faithH/p/14277935.html