新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件

2024-02-20 17:15:27 +08:00
parent 6706e1a633
commit 34158042ad
1529 changed files with 177765 additions and 0 deletions
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/bindings/sre-group.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/bindings/sre-group.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sre-view-cluster
+  labels:
+    kiamol: ch17
+subjects:
+- kind: Group
+  name: sre
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: view
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sre-edit-ch17
+  namespace: kiamol-ch17
+subjects:
+- kind: Group
+  name: sre
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: edit
+  apiGroup: rbac.authorization.k8s.io
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/bindings/test-group.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/bindings/test-group.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: logs-reader
+  labels:
+    kiamol: ch17
+rules:
+- apiGroups: [""]
+  resources: ["pods", "pods/log"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: test-logs-cluster
+  labels:
+    kiamol: ch17
+subjects:
+- kind: Group
+  name: test
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: logs-reader
+  apiGroup: rbac.authorization.k8s.io
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/role-bindings/sre-sa-group.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/role-bindings/sre-sa-group.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sre-sa-view-cluster
+  labels:
+    kiamol: ch17
+subjects:
+- kind: Group
+  name: system:serviceaccounts:kiamol-authn-sre
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: view
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: sre-sa-edit-ch17
+  namespace: kiamol-ch17
+subjects:
+- kind: Group
+  name: system:serviceaccounts:kiamol-authn-sre
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: edit
+  apiGroup: rbac.authorization.k8s.io
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/role-bindings/test-sa-group.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/role-bindings/test-sa-group.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: test-sa-logs-cluster
+  labels:
+    kiamol: ch17
+subjects:
+- kind: Group
+  name: system:serviceaccounts:kiamol-authn-test
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: logs-reader
+  apiGroup: rbac.authorization.k8s.io
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/sre-sa.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/sre-sa.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kiamol-authn-sre
+  labels:
+    kiamol: ch17
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sre2
+  namespace: kiamol-authn-sre
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sre2-sa-token
+  namespace: kiamol-authn-sre
+  annotations:
+    kubernetes.io/service-account.name: sre2
+type: kubernetes.io/service-account-token
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/test-sa.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/service-accounts/test-sa.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kiamol-authn-test
+  labels:
+    kiamol: ch17
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tester2
+  namespace: kiamol-authn-test
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: tester2-sa-token
+  namespace: kiamol-authn-test
+  annotations:
+    kubernetes.io/service-account.name: tester2
+type: kubernetes.io/service-account-token
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/sre-user.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/sre-user.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: sre-user
+  labels:
+    kiamol: ch17
+spec:
+  serviceAccountName: user-cert-generator
+  containers:
+    - name: user-cert-generator
+      image: kiamol/ch17-user-cert-generator
+      env:
+        - name: USER_NAME
+          value: sre1
+        - name: GROUP
+          value: sre
+        - name: SET_CONTEXT
+          value: "true"
--- a/learn/learn-kubernetes-master/kiamol/ch17/user-groups/test-user.yaml
+++ b/learn/learn-kubernetes-master/kiamol/ch17/user-groups/test-user.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-user
+  labels:
+    kiamol: ch17
+spec:
+  serviceAccountName: user-cert-generator
+  containers:
+    - name: user-cert-generator
+      image: kiamol/ch17-user-cert-generator
+      env:
+        - name: USER_NAME
+          value: tester1
+        - name: GROUP
+          value: test
+        - name: SET_CONTEXT
+          value: "true"