Question:
I think these two YAML files should do the corresponding mapping:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: devops-cluster-admin
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: devopstales

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
subjects:
- kind: User
  name: "devopstales"
  namespace: "kube-system"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin

How do I implement role mapping between OIDC roles/groups and K8s roles?
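Answer 1:
You need to specify --oidc-groups-claim=, where the JWT claim contains a list of strings identifying the groups the authenticated user belongs to, and then reference those names in RBAC.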
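
The mapping described in the answer, as an added example that is not part of the original post and is not Kubernetes code: a simplified Python model of how a groups claim becomes the group names that RBAC subjects are compared against. The token, issuer, claim names (`email`, `groups`) and the `oidc:` prefix are constructed assumptions, and the model skips the signature verification the real API server performs.

```python
import base64
import json

def b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample ID token (header.payload.signature). The signature is a
# dummy: this model does not verify it, the real API server does.
SAMPLE_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"iss": "https://idp.example.invalid", "sub": "alice",
            "email": "alice@example.invalid", "groups": ["devopstales", "qa"]}),
    "constructed-signature",
])

def claims_of(token):
    """Decode the payload segment of a JWT without verifying it."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def identity(token, username_claim="email", groups_claim="groups", groups_prefix=""):
    """Model of --oidc-username-claim, --oidc-groups-claim, --oidc-groups-prefix."""
    claims = claims_of(token)
    groups = [groups_prefix + g for g in claims.get(groups_claim, [])]
    return claims[username_claim], groups

def bound_roles(user, groups, bindings):
    """Return roleRef names whose subjects match the user or one of the groups."""
    roles = set()
    for binding in bindings:
        for subject in binding["subjects"]:
            is_group_match = subject["kind"] == "Group" and subject["name"] in groups
            is_user_match = subject["kind"] == "User" and subject["name"] == user
            if is_group_match or is_user_match:
                roles.add(binding["roleRef"]["name"])
    return roles

# Subjects reduced from the two bindings in the question (constructed dicts).
GROUP_BINDING = {"roleRef": {"name": "cluster-admin"},
                 "subjects": [{"kind": "Group", "name": "devopstales"}]}
USER_BINDING = {"roleRef": {"name": "cluster-admin"},
                "subjects": [{"kind": "User", "name": "devopstales"}]}
```

In this model a group name from the claim only matches a subject of kind Group, and once a groups prefix is configured the subject name must carry the same prefix.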