{"id":35507,"date":"2023-12-02T23:23:00","date_gmt":"2022-12-28T05:16:49","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/"},"modified":"2024-05-04T11:52:42","modified_gmt":"2024-05-04T03:52:42","slug":"%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/","title":{"rendered":"\u5173\u4e8eKubernetes\u7684RBAC"},"content":{"rendered":"<h1>RBAC \u662f Role-Based Access Control \u7684\u7f29\u5199\u3002<\/h1>\n<p>RBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u4e00\u79cd\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\u3002<\/p>\n<p>RBAC\u8d44\u6e90\u6709\u56db\u79cd\u8d44\u6e90\uff0c\u5206\u522b\u662f\u89d2\u8272\u8d44\u6e90\u3001\u96c6\u7fa4\u89d2\u8272\u8d44\u6e90\u3001\u89d2\u8272\u7ed1\u5b9a\u8d44\u6e90\u548c\u96c6\u7fa4\u89d2\u8272\u7ed1\u5b9a\u8d44\u6e90\u3002<\/p>\n<p>Role\u3068ClusterRole\u306f\u3001\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u3069\u3093\u306a\u64cd\u4f5c\u3092\u8a31\u53ef\u3059\u308b\u304b\u3092\u5b9a\u7fa9\u3059\u308b\u305f\u3081\u306e\u30ea\u30bd\u30fc\u30b9<\/p>\n<p>RoleBinding\u3068ClusterRoleBinding\u306f\u3069\u306eRole\/ClusterRole\u3092\u3069\u306eUser\u3084ServiceAcctount\u306b\u7d10\u4ed8\u3051\u308b\u304b\u3092\u5b9a\u7fa9\u3059\u308b\u305f\u3081\u306e\u30ea\u30bd\u30fc\u30b9\u3002<\/p>\n<p>\u30e6\u30fc\u30b6\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306bkubectl config set-credentials\u3092\u4f7f\u3063\u3066\u4f5c\u6210\u3067\u304d\u308b<\/p>\n<p>kubectl config set-credentials alice &#8211;username=alice &#8211;password=password<br \/>\n\u53c2\u8003\uff1a kubernetes\u304c\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u8a8d\u8a3c\u65b9\u6cd5\u306e\u5168\u30d1\u30bf\u30fc\u30f3\u3092\u52d5\u304b\u3059<\/p>\n<h1>\u8d44\u6e90\u548c\u64cd\u4f5c\u662f\u4ec0\u4e48\uff1f<\/h1>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">\u30ea\u30bd\u30fc\u30b9\u3068\u306f<\/ul>\n<\/li>\n<\/ul>\n<p>Kubernetes\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u6307\u3059\u3002\u4f8b\u3048\u3070Pod, Deployment, Service, Secret etc..<\/p>\n<p>\u64cd\u4f5c\u3068\u306f<\/p>\n<p>get, create, update, delete, list, watch, deletecollection \u306a\u3069\u304c\u3042\u308b\u3002<\/p>\n<h2>\u64cd\u4f5c\u5217\u8868<\/h2>\n<div>\n<div class=\"post-table\">\u7a2e\u5225\u5185\u5bb9*\u5168\u3066\u306e\u51e6\u7406create\u4f5c\u6210delete\u524a\u9664get\u53d6\u5f97list\u4e00\u89a7\u53d6\u5f97update\u66f4\u65b0patch\u4e00\u90e8\u5909\u66f4watch\u5909\u66f4\u306e\u8ffd\u5f93<\/div>\n<\/div>\n<h1>Role \u548c ClusterRole \u7684\u533a\u522b\uff0c\u4ee5\u53ca RoleBinding \u548c ClusterRoleBinding \u7684\u533a\u522b\u3002<\/h1>\n<p>Role\u548cClusterRole\u7684\u533a\u522b\uff0c\u4ee5\u53caRoleBinding\u548cClusterRoleBinding\u7684\u533a\u522b\u5728\u4e8e\uff0cRole\/RoleBinding\u5c5e\u4e8e\u7279\u5b9a\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u800cClusterRole\/ClusterRoleBinding\u4e0d\u5c5e\u4e8e\u547d\u540d\u7a7a\u95f4\uff08\u5c5e\u4e8e\u96c6\u7fa4\u7ea7\u8d44\u6e90\uff09\u3002<\/p>\n<div>\n<div class=\"post-table\">\nnamespace\u306b\u5c5e\u3059\u308bnamespace\u306b\u5c5e\u3055\u306a\u3044Role\u25ef<br \/>\nCluster Role<br \/>\n\u25efRoleBinding\u25ef<br \/>\nClusterRoleBinding<br \/>\n\u25ef<\/div>\n<\/div>\n<h1>\u9ed8\u8ba4\u63d0\u4f9b\u7684\u96c6\u7fa4\u89d2\u8272<\/h1>\n<p>ClusterRole\u306b\u306f\u3044\u304f\u3064\u304b\u30c7\u30d5\u30a9\u30eb\u30c8ClusterRole\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u308b\u3002\u305d\u306e\u305f\u3081\u3056\u3063\u304f\u308a\u3068\u3057\u305f\u6a29\u9650\u3067\u3044\u3044\u5834\u5408\u306f\u65b0\u898f\u3067Role\u3084ClusterRole\u3092\u4f5c\u6210\u305b\u305a\u306b\u30c7\u30d5\u30a9\u30eb\u30c8ClusterRole\u3092\u4f7f\u3046\u3053\u3068\u304c\u3067\u304d\u308b\u3002(\u53c2\u8003)<\/p>\n<div>\n<div class=\"post-table\">\u30c7\u30d5\u30a9\u30eb\u30c8ClusterRole\u540d\u5185\u5bb9cluster-admin\u5168\u3066\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u5bfe\u3057\u3069\u3093\u306a\u30a2\u30af\u30b7\u30e7\u30f3\u3067\u3082\u53ef\u80fd\u3002<br \/>\nClusterRoleBinding\u3092\u4f7f\u3046\u3068\u3001cluster\u306e\u5168\u3066\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u305f\u3044\u3057\u3066\u3069\u3093\u306a\u30a2\u30af\u30b7\u30e7\u30f3\u3067\u3082\u53ef\u80fd\u306b\u306a\u308b\u3002<br \/>\nRoleBinding\u3092\u4f7f\u3046\u3068\u305d\u306enamespace\u306e\u5168\u3066\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u305f\u3044\u3057\u3066\u3069\u3093\u306a\u30a2\u30af\u30b7\u30e7\u30f3\u3067\u3082\u53ef\u80fd\u306b\u306a\u308b(namespace\u30ea\u30bd\u30fc\u30b9\u542b\u3080)\u3002adminRoleBinding\u3092\u4f7f\u3063\u3066binding\u304c\u3055\u308c\u308b\u3053\u3068\u3092\u671f\u5f85\u3055\u308c\u3066\u3044\u308bClusterRole\u3002<br \/>\nnamespace\u5185\u306e\u307b\u3068\u306e\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u306b\u5bfe\u3057\u3066read\/write\u304c\u3067\u304d\u308b\u3002<br \/>\n\u307e\u305f\u305d\u306enamespace\u5185\u306eRole\/RoleBinding\u30ea\u30bd\u30fc\u30b9\u306ewrite\u6a29\u9650\u3082\u6709\u3059\u308b\u3002<br \/>\n\u3057\u304b\u3057ResourceQuota\u3068namespace\u81ea\u8eab\u306b\u306fwrite\u3067\u304d\u306a\u3044\u3002edit\u307b\u3068\u3093\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u306eread write\u304c\u3067\u304d\u308b\u304c\u3001Role\/RoleBinding\u306eread\u3084write\u306f\u3067\u304d\u306a\u3044view\u307b\u3068\u3093\u3069\u306e\u30ea\u30bd\u30fc\u30b9\u306eread \u304c\u3067\u304d\u308b\u304c\u3001Role\/RoleBinding\u3001\u305d\u3057\u3066Secret\u306eread\u306f\u3067\u304d\u306a\u3044<\/div>\n<\/div>\n<h1>\u96c6\u7fa4\u89d2\u8272\u805a\u5408<\/h1>\n<p>\u81eaKubernetes 1.9\u7248\u672c\u5f00\u59cb\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u805a\u5408\u529f\u80fd\u5c06\u591a\u4e2aClusterRole\u5b9a\u4e49\u52a0\u8f7d\u5230ClusterRole\u4e2d\u3002\u805a\u5408\u6839\u636e\u8bbe\u7f6e\u5728ClusterRole\u4e0a\u7684\u6807\u7b7e\u8fdb\u884c\u64cd\u4f5c\uff0c\u4f46\u4e0d\u4f1a\u53cd\u6620\u5728\u805a\u5408\u53d1\u9001\u7684ClusterRole\u4e0a\u7684\u89c4\u5219\u3002\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u8fd9\u91cc\u3002<\/p>\n<h1>\u5728\u4e2d\u56fd\u672c\u571f\u5c06\u4ee5\u4e0b\u5185\u5bb9\u6539\u5199\u4e3a\u4e2d\u6587\uff1a<\/h1>\n<p>Role\u548cRoleBinding\u7684\u521b\u5efa\u793a\u4f8b<\/p>\n<h4>\u521b\u5efa\u89d2\u8272<\/h4>\n<p>\u4ee5\u4e0b\u306fService\u30ea\u30bd\u30fc\u30b9\u3092get, list\u3067\u304d\u308b\u6a29\u9650\u3092\u8868\u3057\u305fRole<\/p>\n<pre class=\"post-pre\"><code><span class=\"na\">apiVersion<\/span><span class=\"pi\">:<\/span> <span class=\"s\">rbac.authorization.k8s.io\/v1<\/span>\r\n<span class=\"na\">kind<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Role<\/span>\r\n<span class=\"na\">metadata<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"na\">namespace<\/span><span class=\"pi\">:<\/span> <span class=\"s\">hoge-ns<\/span>\r\n  <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">service-reader-role<\/span>\r\n<span class=\"na\">rules<\/span><span class=\"pi\">:<\/span>\r\n<span class=\"pi\">-<\/span> <span class=\"na\">apiGroups<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s\">apps<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s\">extensions<\/span>\r\n  <span class=\"na\">resources<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s\">deployments<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s\">services<\/span>\r\n  <span class=\"na\">verbs<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">get\"<\/span>\r\n  <span class=\"pi\">-<\/span> <span class=\"s2\">\"<\/span><span class=\"s\">list\"<\/span>\r\n<\/code><\/pre>\n<p>\u4f7f\u7528kubectl\u547d\u4ee4\u521b\u5efamy-reader-role.yaml\u6587\u4ef6\u4e2d\u7684Role\u89d2\u8272\u3002<\/p>\n<h4>\u521b\u5efa\u4e00\u4e2a\u89d2\u8272\u7ed1\u5b9a<\/h4>\n<p>Role: my-reader-role\u3092ServiceAccount: my-app-sa\u306b\u7d10\u4ed8\u3051\u308b\u305f\u3081\u306eRoleBinding<\/p>\n<pre class=\"post-pre\"><code><span class=\"na\">apiVersion<\/span><span class=\"pi\">:<\/span> <span class=\"s\">rbac.authorization.k8s.io\/v1<\/span>\r\n<span class=\"na\">kind<\/span><span class=\"pi\">:<\/span> <span class=\"s\">RoleBinding<\/span>\r\n<span class=\"na\">metadata<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">service-reader-rolebinding<\/span>\r\n  <span class=\"na\">namespace<\/span><span class=\"pi\">:<\/span> <span class=\"s\">hoge-ns<\/span>\r\n<span class=\"na\">roleRef<\/span><span class=\"pi\">:<\/span>\r\n  <span class=\"na\">apiGroup<\/span><span class=\"pi\">:<\/span> <span class=\"s\">rbac.authorization.k8s.io<\/span>\r\n  <span class=\"na\">kind<\/span><span class=\"pi\">:<\/span> <span class=\"s\">Role<\/span>\r\n  <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">my-reader-role<\/span>\r\n<span class=\"na\">subjects<\/span><span class=\"pi\">:<\/span>\r\n<span class=\"pi\">-<\/span> <span class=\"na\">kind<\/span><span class=\"pi\">:<\/span> <span class=\"s\">ServiceAccount<\/span>\r\n  <span class=\"na\">name<\/span><span class=\"pi\">:<\/span> <span class=\"s\">my-app-sa<\/span>\r\n  <span class=\"na\">namespace<\/span><span class=\"pi\">:<\/span> <span class=\"s\">hoge-ns<\/span>\r\n<\/code><\/pre>\n<p>\u4f7f\u7528`kubectl create -f my-reader-rolebinding.yaml`\u547d\u4ee4\u521b\u5efaRoleBinding\u3002<\/p>\n<h1>ServiceAccount\u306b\u3064\u3044\u3066<\/h1>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">ServiceAccount \u306f Kubernetes \u5185\u3067 Pod \u306e\u8a8d\u8a3c\u8a8d\u53ef\u306e\u305f\u3081\u306b\u4f7f\u7528\u3055\u308c\u308b\u3082\u306e<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">pod\u306f\u4f5c\u6210\u6642\u306b\u306a\u306b\u304b\u3057\u3089\u306eServiceAccount\u306b\u7d10\u4ed8\u3051\u3089\u308c\u308b<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">ServiceAccount\u306b\u5bfe\u3057\u3066Role\u3092\u7d10\u4ed8\u3051\u308b(bind\u3059\u308b)\u3053\u3068\u304c\u3067\u304d\u308b<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">ServiceAccount\u306f\u3069\u306enamespace\u306b\u5c5e\u3059\u308b\u304b\u306e\u60c5\u5831\u3001\u53ca\u3073API\u3078\u63a5\u7d9a\u3059\u308b\u305f\u3081\u306e\u8a8d\u8a3c\u60c5\u5831\u3092\u3082\u3063\u3066\u3044\u308b\u3002namespace\u3001ca.crt\u3001token\u306e3\u3064\u3002<\/ul>\n<\/li>\n<\/ul>\n<p>namespace\u30921\u3064\u4f5c\u308b\u3068default\u3068\u3044\u3046\u540d\u524d\u306eServiceAccount\u304c\u81ea\u52d5\u7684\u306b\u4f5c\u6210\u3055\u308c\u308b\u3002<br \/>\nKubernetes\u30af\u30e9\u30b9\u30bf\u3092\u4f5c\u308b\u3068default\u3068\u3044\u3046namespace\u304c\u81ea\u52d5\u3067\u4f5c\u6210\u3055\u308c\u308b\u304c\u3001\u305d\u306enamespace\u306b\u5c5e\u3059\u308bdefault\u3068\u3044\u3046\u540d\u524d\u306eServiceAccount\u3082\u81ea\u52d5\u3067\u4f5c\u6210\u3055\u308c\u308b\u3002pod\u3092\u4f5c\u6210\u3059\u308b\u3068\u7d10\u4ed8\u3051\u308bServiceAccount\u306b\u6307\u5b9a\u304c\u306a\u3051\u308c\u3070default\u306eServiceAccount\u304c\u7d10\u4ed8\u3051\u3089\u308c\u308b\u3002<\/p>\n<p>default\u306eServiceAccount\u4ee5\u5916\u306b\u3082\u65b0\u3057\u304fServiceAccount\u3092\u624b\u52d5\u3067\u4f5c\u6210\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u3001pod\u306b\u7d10\u4ed8\u3051\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/p>\n<p>\u305f\u3068\u3048\u3070Web\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u7528\u306eServiceAccount\u3092\u4f5c\u6210\u3057\u3001\u305d\u306eWeb\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u7528Pod\u306b\u4f5c\u6210\u3057\u305fServiceAccount\u3092\u7d10\u4ed8\u3051\u3001\u305d\u306eServiceAccount\u306bKubernetes\u30ea\u30bd\u30fc\u30b9\u306e\u53c2\u7167\u306e\u307f\u3092\u8a31\u53ef\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/p>\n<h1>\u5176\u4ed6\u5efa\u8bae<\/h1>\n<ul class=\"post-ul\">\u3069\u3093\u306a\u6642\u306bRole\/RoleBinding\u3068ClusterRole\/ClusterRoleBinding\u3092\u4f7f\u3048\u3070\u3044\u3044\u304b\u306f\u4ee5\u4e0b\u3092\u53c2\u8003\u306b\u3059\u308c\u3070\u3088\u3044<\/ul>\n<div>\n<div class=\"post-table\">\u30a2\u30af\u30bb\u30b9\u5236\u9650\u5bfe\u8c61Role\u7a2e\u985eBinding\u7a2e\u985eCluster-level resources (Nodes, PersistentVolumes, &#8230;)ClusterRoleClusterRoleBindingNon-resource URLs (\/api, \/healthz, &#8230;)ClusterRoleClusterRoleBinding\u3044\u304f\u3064\u304b\u306enamespace\u3001\u3082\u3057\u304f\u306f\u5168\u3066\u306enamespace\u306b\u5b58\u5728\u3059\u308bNamespaced resourcesClusterRoleClusterRoleBinding\u7279\u5b9a\u306enamespace\u306b\u5b58\u5728\u3059\u308bNamespaced resources\u3002(\u5171\u901a\u306eRole\u3092\u4f7f\u3044\u305f\u3044\u5834\u5408)ClusterRoleRoleBinding\u7279\u5b9a\u306enamespace\u306b\u5b58\u5728\u3059\u308bNamespaced resources\u3002(namespace\u3054\u3068\u306bRole\u3092\u5b9a\u7fa9\u3059\u308b\u5834\u5408)RoleRoleBinding<\/div>\n<\/div>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">kubectl auth can-i\u3092\u4f7f\u3046\u3068\u6a29\u9650\u304c\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u304b\u3001\u64cd\u4f5c\u304c\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">\u4f8b\u3048\u3070hoge-ns\u3068\u3044\u3046namespace\u306b\u3042\u308bdefault\u3068\u3044\u3046\u540d\u524d\u306eservice account\u304cservice\u306ecreate\u3059\u308b\u3053\u3068\u3092\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u78ba\u8a8d\u3067\u304d\u308b\u3002<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">$ kubectl auth can-i create services &#8211;as=system:serviceaccount:hoge-ns:default -n=hoge-ns<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">namespace: kube-system\u306eRole\u4e00\u89a7<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">$ kubectl get roles -n=kube-system<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">namespace: kube-system\u306eClusterRole\u4e00\u89a7<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\n<li style=\"list-style-type: none;\">\n<ul class=\"post-ul\">$ kubectl get clusterroles -n=kube-system<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul class=\"post-ul\">\u3082\u3057minikube\u4e0a\u3067RBAC\u3092\u6709\u52b9\u306b\u3057\u305f\u3044\u5834\u5408\u306f\u3001minikube\u8d77\u52d5\u6642\u306b\u3001&#8211;extra-config=apiserver.Authorization.Mode=RBAC\u3092\u6307\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002<\/ul>\n<p>\u8bf7\u67e5\u770b\uff1a<\/p>\n<p>Kubernetes in Action (\u6700\u9ad8\u306b\u5206\u304b\u308a\u3084\u3059\u304f\u66f8\u304b\u308c\u3066\u3044\u308b\u306e\u3067\u305c\u3072\u8cb7\u3044\u307e\u3057\u3087\u3046)<br \/>\nUsing RBAC Authorization<br \/>\nKubernetes Engine: \u5f79\u5272\u30d9\u30fc\u30b9\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1<br \/>\nKubernetes in Action<br \/>\nKubernetes Cookbook<br \/>\nConfigure RBAC In Your Kubernetes Cluster<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RBAC \u662f Role-Based Access Control \u7684\u7f29\u5199\u3002 RBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u4e00 [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-35507","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u5173\u4e8eKubernetes\u7684RBAC - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5173\u4e8ekubernetes\u7684rbac\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5173\u4e8eKubernetes\u7684RBAC\" \/>\n<meta property=\"og:description\" content=\"RBAC \u662f Role-Based Access Control \u7684\u7f29\u5199\u3002 RBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u4e00 [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5173\u4e8ekubernetes\u7684rbac\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-28T05:16:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-04T03:52:42+00:00\" \/>\n<meta name=\"author\" content=\"\u6e05, \u5b87\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u5b87\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/\",\"name\":\"\u5173\u4e8eKubernetes\u7684RBAC - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2022-12-28T05:16:49+00:00\",\"dateModified\":\"2024-05-04T03:52:42+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5173\u4e8eKubernetes\u7684RBAC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e\",\"name\":\"\u6e05, \u5b87\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u5b87\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyu\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5173\u4e8eKubernetes\u7684RBAC - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5173\u4e8ekubernetes\u7684rbac\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5173\u4e8eKubernetes\u7684RBAC","og_description":"RBAC \u662f Role-Based Access Control \u7684\u7f29\u5199\u3002 RBAC\uff08\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff09\u662f\u4e00 [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5173\u4e8ekubernetes\u7684rbac\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2022-12-28T05:16:49+00:00","article_modified_time":"2024-05-04T03:52:42+00:00","author":"\u6e05, \u5b87","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u5b87","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"2 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/","name":"\u5173\u4e8eKubernetes\u7684RBAC - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2022-12-28T05:16:49+00:00","dateModified":"2024-05-04T03:52:42+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5173\u4e8eKubernetes\u7684RBAC"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/1a6ecd3d914d22a5ac32791ffc1fbd8e","name":"\u6e05, \u5b87","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4b2016c18459a605fc469c7566608f5686491baa112d0871ee613f61b7210565?s=96&d=mm&r=g","caption":"\u6e05, \u5b87"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyu\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%85%b3%e4%ba%8ekubernetes%e7%9a%84rbac\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=35507"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35507\/revisions"}],"predecessor-version":[{"id":98160,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/35507\/revisions\/98160"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=35507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=35507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=35507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}