
permission-manager: a Kubernetes user permission management tool

### Permission Manager

Permission Manager is a project that provides a web UI for Kubernetes RBAC and user management, giving Kubernetes permission management a friendly visual interface.

### Installation

Download the YAML files from https://github.com/sighupio/permission-manager/tree/master/deployments/kubernetes. The result looks like this:

```shell
[root@qd01-stop-k8s-master001 kubernetes]# ll
total 4
-rw-r--r-- 1 root root 2697 Jan 28 11:08 deploy.yml
drwxr-xr-x 2 root root   37 Jan 28 11:14 seeds
```

### Create the namespace

```shell
[root@qd01-stop-k8s-master001 kubernetes]# kubectl create namespace permission-manager
namespace/permission-manager created
```

### Create the secret and update it accordingly

```shell
[rancher@qd01-stop-k8snode011 permission-manager]$ cat secret.yaml
```

```yaml
---
apiVersion: v1
kind: Secret
metadata:
  name: permission-manager
  namespace: permission-manager
type: Opaque
stringData:
  PORT: "4000" # port where server is exposed
  CLUSTER_NAME: "kubernetes-cluster" # name of the cluster to use in the generated kubeconfig file
  CONTROL_PLANE_ADDRESS: "https://10.26.29.208:6443" # full address of the control plane to use in the generated kubeconfig file
  BASIC_AUTH_PASSWORD: "k8sAdmin" # password used by basic auth (username is `admin`)
```

```shell
[root@qd01-stop-k8s-master001 kubernetes]# kubectl apply -f secret.yaml
secret/permission-manager created
```

### Deployment

```shell
[root@qd01-stop-k8s-master001 seeds]# kubectl apply -f crd.yml
Warning: apiextensions.k8s.io/v1beta1 CustomResourceDefinition is deprecated in v1.16+, unavailable in v1.22+; use apiextensions.k8s.io/v1 CustomResourceDefinition
customresourcedefinition.apiextensions.k8s.io/permissionmanagerusers.permissionmanager.user created
[root@qd01-stop-k8s-master001 seeds]# kubectl apply -f seed.yml
clusterrole.rbac.authorization.k8s.io/template-namespaced-resources___operation created
clusterrole.rbac.authorization.k8s.io/template-namespaced-resources___developer created
clusterrole.rbac.authorization.k8s.io/template-cluster-resources___read-only created
clusterrole.rbac.authorization.k8s.io/template-cluster-resources___admin created
[root@qd01-stop-k8s-master001 kubernetes]# kubectl apply -f deploy.yml
service/permission-manager created
deployment.apps/permission-manager created
serviceaccount/permission-manager created
clusterrole.rbac.authorization.k8s.io/permission-manager created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/permission-manager created
```

That completes the permission-manager deployment. The warnings can be ignored, or you can edit the YAML files yourself and change the API version to `rbac.authorization.k8s.io/v1`.

### Expose the service with an Ingress

Create `ingress.yaml`:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: permission-manager-ingress
  namespace: permission-manager
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
  - host: permission.ieasou.cn
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: permission-manager
            port:
              number: 4000
```

```shell
[root@qd01-stop-k8s-master001 kubernetes]# kubectl apply -f ingress.yaml
[root@qd01-stop-k8s-master001 kubernetes]# kubectl get ing -n permission-manager
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
permission-manager-in
```
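
A pre-apply check for the manifests used in this walkthrough, added here as an example (it is not from the original post or the permission-manager project): it flags the deprecated API versions named in the kubectl warnings, a short `BASIC_AUTH_PASSWORD`, and an Ingress with no `tls` block. The 16-character minimum, the function names and the regex-based parsing (which assumes simply formatted manifests) are assumptions, and the sample manifest is constructed from the values shown above.

```python
import re

# Deprecated apiVersion/kind pairs, copied from the kubectl warnings quoted above.
DEPRECATED = {
    ("apiextensions.k8s.io/v1beta1", "CustomResourceDefinition"): "apiextensions.k8s.io/v1",
    ("rbac.authorization.k8s.io/v1beta1", "ClusterRoleBinding"): "rbac.authorization.k8s.io/v1",
    ("extensions/v1beta1", "Ingress"): "networking.k8s.io/v1",
}
MIN_PASSWORD_LEN = 16  # assumption: local policy value, not a project requirement
# Constructed sample: page's Secret/Ingress settings plus a v1beta1 ClusterRoleBinding stub.
SAMPLE = """\
apiVersion: v1
kind: Secret
stringData:
  BASIC_AUTH_PASSWORD: "k8sAdmin" # password used by basic auth
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
---
apiVersion: networking.k8s.io/v1
kind: Ingress
spec:
  rules:
  - host: permission.ieasou.cn
"""

def top_level(doc, key):
    """Value of an unindented scalar key in one YAML document, or None."""
    m = re.search(rf"^{key}:[ \t]*(\S+)", doc, re.MULTILINE)
    return m.group(1) if m else None

def audit(manifest_text):
    """Return (kind, finding) tuples for a multi-document manifest."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", manifest_text, flags=re.MULTILINE):
        api, kind = top_level(doc, "apiVersion"), top_level(doc, "kind")
        if (api, kind) in DEPRECATED:
            findings.append((kind, f"{api} is deprecated, use {DEPRECATED[(api, kind)]}"))
        pw = re.search(r'^[ \t]+BASIC_AUTH_PASSWORD:[ \t]*"?([^"\s#]*)', doc, re.MULTILINE)
        if kind == "Secret" and pw and len(pw.group(1)) < MIN_PASSWORD_LEN:
            findings.append((kind, f"BASIC_AUTH_PASSWORD is shorter than {MIN_PASSWORD_LEN} characters"))
        if kind == "Ingress" and not re.search(r"^[ \t]+tls:", doc, re.MULTILINE):
            findings.append((kind, "no spec.tls block, so no certificate is configured for this host"))
    return findings

if __name__ == "__main__":
    print(*(f"{kind}: {msg}" for kind, msg in audit(SAMPLE)), sep="\n")
```

An `apiextensions.k8s.io/v1` CustomResourceDefinition also requires a schema for each version, so that finding calls for a manual edit of `crd.yml` rather than a one-line version change.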