部署影子APIServer

影子APIServer

参考链接：

https://www.cdxy.me/?p=839

https://www.youtube.com/watch?v=CH7S5rE3j8w

权限配置

为Pod设置高权限的ServiceAccount，通过ClusterRole和ClusterRoleBinding实现

role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-admin
rules:
- apiGroups: [""]
  resources: ["*"]
  verbs: ["*"]

rolebinding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-admin-binding
subjects:
- kind: ServiceAccount
  name: default  # 替换为你的 ServiceAccount 名称
  namespace: cdk-test  # 替换为你的 Pod 所在的命名空间
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

应用集群角色

kubectl apply -f role.yaml
kubectl apply -f rolebinding.yaml

CDK创建影子APIServer

进入测试pod执行命令

./cdk run k8s-shadow-apiserver default

可以看到影子APIServer创建成功

本文采用CC-BY-SA-3.0协议，转载请注明出处
Author: Sally