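RBACManager is an Operator that configures RBAC declaratively through custom resources. Its goal is to simplify Kubernetes authorization, reduce the amount of configuration that authorization requires, and make it easier to scale. For example, consider the following two native RoleBinding manifests: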
```yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: joe-web
  namespace: web
subjects:
- kind: User
  name: joe@example.com
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: joe-api
  namespace: api
subjects:
- kind: User
  name: joe@example.com
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

With RBACManager, a single custom resource grants the same access:
```yaml
apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
  name: joe-access
rbacBindings:
  - name: joe
    subjects:
      - kind: User
        name: joe@example.com
    roleBindings:
      - namespace: api
        clusterRole: view
      - namespace: web
        clusterRole: edit
```
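To make the equivalence concrete, the following Python sketch (an added example, not code from RBACManager or from the original page) expands the RBACDefinition above into the native RoleBindings it stands for and summarizes who gets which role in which namespace. The `<binding name>-<namespace>` naming is an assumption chosen to match the manifests shown here, not the operator's own naming scheme, and only `namespace` plus `clusterRole` entries are handled.

```python
RBAC_API_GROUP = "rbac.authorization.k8s.io"

# The RBACDefinition from the page, transcribed as a dict (no YAML parser needed).
JOE_ACCESS = {
    "apiVersion": "rbacmanager.reactiveops.io/v1beta1",
    "kind": "RBACDefinition",
    "metadata": {"name": "joe-access"},
    "rbacBindings": [{
        "name": "joe",
        "subjects": [{"kind": "User", "name": "joe@example.com"}],
        "roleBindings": [
            {"namespace": "api", "clusterRole": "view"},
            {"namespace": "web", "clusterRole": "edit"},
        ],
    }],
}


def expand(definition):
    """Return the native RoleBinding manifests implied by an RBACDefinition."""
    manifests = []
    for binding in definition.get("rbacBindings", []):
        for rb in binding.get("roleBindings", []):
            if "namespace" not in rb or "clusterRole" not in rb:
                raise ValueError(f"unsupported roleBinding entry: {rb!r}")
            # Assumed naming (hypothetical): <binding name>-<namespace>.
            name = f"{binding['name']}-{rb['namespace']}"
            manifests.append({
                "kind": "RoleBinding",
                "apiVersion": f"{RBAC_API_GROUP}/v1",
                "metadata": {"name": name, "namespace": rb["namespace"]},
                "subjects": [dict(s) for s in binding.get("subjects", [])],
                "roleRef": {"kind": "ClusterRole", "name": rb["clusterRole"],
                            "apiGroup": RBAC_API_GROUP},
            })
    return manifests


def effective_access(definition):
    """Map (subject kind, subject name, namespace) -> set of ClusterRoles."""
    access = {}
    for m in expand(definition):
        for s in m["subjects"]:
            key = (s["kind"], s["name"], m["metadata"]["namespace"])
            access.setdefault(key, set()).add(m["roleRef"]["name"])
    return access


if __name__ == "__main__":
    for key, roles in sorted(effective_access(JOE_ACCESS).items()):
        print(key, sorted(roles))
```

Running the summary over a definition before applying it is a quick review step for spotting a subject that ends up with a broader role in a namespace than intended.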