真题环境模拟
创建 namespace
kubectl create ns monitoring创建 ServiceAccount
kubectl create sa service-account-web -n monitoring创建 Role
# vim role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: monitoring
name: web-role
rules:
- apiGroups: [""] # "" 标明 core API 组
resources: ["pods"]
verbs: ["get", "watch", "list"]
kubectl create -f role.yaml创建 RoleBinding
kubectl create rolebinding pod-get-binding \
--role=web-role \
--serviceaccount=monitoring:service-account-web \
-n monitoring创建 Pod 所需 yaml
kubectl run dev-pod --image=nginx --dry-run=client -n monitoring -o yaml > dev-pod.yaml编辑 dev-pod.yaml
# vim dev-pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: dev-pod
name: dev-pod
namespace: monitoring
spec:
serviceAccountName:service-account-web # 添加此项配置
containers:
- image: nginx
name: dev-pod
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}创建 Pod
kubectl create -f dev-pod.yamlLast updated