简单的k8s RBAC —(permission-manager)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

#拉取项目到本地
$ git clone https://github.com/sighupio/permission-manager

#部署依赖
$ cd permission-manager/
$ vim k8s/k8s-seeds/auth-secret.yml #修改密码 可忽略。此项目的密码是用的stringDate设置的明文密码。也可以用data设置base64加密的密码
apiVersion: v1
kind: Secret
metadata:
  name: auth-password-secret
  namespace: permission-manager
type: Opaque
stringData:
  password: admin000
$ kubectl apply -f k8s/k8s-seeds/namespace.yml
$ kubectl apply -f k8s/k8s-seeds

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: permission-manager
  name: permission-manager-deployment
  labels:
    app: permission-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: permission-manager
  template:
    metadata:
      labels:
        app: permission-manager
    spec:
      serviceAccountName: permission-manager-service-account
      containers:
        - name: permission-manager
          image: quay.io/sighup/permission-manager:1.5.0
          ports:
            - containerPort: 4000
          env:
            - name: PORT
              value: "4000"
            - name: CLUSTER_NAME
              value: "cluster1"
            - name: CONTROL_PLANE_ADDRESS
              value: "https://172.16.77.40:6443"
            - name: BASIC_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: auth-password-secret
                  key: password

---
apiVersion: v1
kind: Service
metadata:
  namespace: permission-manager
  name: permission-manager-service
spec:
  selector:
    app: permission-manager
  type: NodePort
  ports:
    - protocol: TCP
      port: 4000
      targetPort: 4000
      nodePort: 30180

1

$ kubectl apply -f k8s/deploy.yaml