Skip to content

Commit

Permalink
project steps.
Browse files Browse the repository at this point in the history
  • Loading branch information
bayram-ozkan committed Oct 21, 2024
1 parent 5ba816d commit c68a28d
Show file tree
Hide file tree
Showing 7 changed files with 90 additions and 1 deletion.
16 changes: 15 additions & 1 deletion 01-Info/_komutlar.txt
Original file line number Diff line number Diff line change
Expand Up @@ -596,9 +596,23 @@ $ kubectl get csr



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# Cluster kullanıcı ve yetki ayarları

kubectl auth whoami

--------------------------------------------------------






# junior kullanıcısının test isimli namespacede pod listeleme yetkisi var mı yok mu kontrol ediyor. (çıktı yes/no şeklinde)
$ kubectl auth can-i list pods --as=junior -n test



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

$ kubectl config current-context
test-user
Expand Down
13 changes: 13 additions & 0 deletions 20-proje/jr-production-rb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jr-production-rb
namespace: production # namespace adı
subjects:
- kind: Group
name: junior # Grubun adı
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: view # ne yetkisi olacak -> sadece okuma
apiGroup: rbac.authorization.k8s.io
13 changes: 13 additions & 0 deletions 20-proje/jr-test-rb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jr-test-rb
namespace: test # namespace adı
subjects:
- kind: Group
name: junior # Grubun adı
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: edit # ne yetkisi olacak - oluşturma ve silme
apiGroup: rbac.authorization.k8s.io
11 changes: 11 additions & 0 deletions 20-proje/kind-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
# 4 worker 1 master cluster
- role: control-plane
- role: worker
- role: worker
- role: worker
- role: worker

# kind create cluster --config kind-config.yml
12 changes: 12 additions & 0 deletions 20-proje/sr-CRB.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding # Cluster genelinde yetki
metadata:
name: sr-cluster-rb
subjects:
- kind: Group
name: senior # Grubun adı
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: view # ne yetkisi olacak
apiGroup: rbac.authorization.k8s.io
13 changes: 13 additions & 0 deletions 20-proje/sr-production-rb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: sr-production-rb
namespace: production # namespace adı
subjects:
- kind: Group
name: senior # Grubun adı
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: edit # ne yetkisi olacak -> sadece okuma
apiGroup: rbac.authorization.k8s.io
13 changes: 13 additions & 0 deletions 20-proje/sr-test-rb.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: sr-test-rb
namespace: test # namespace adı
subjects:
- kind: Group
name: test # Grubun adı
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: edit # ne yetkisi olacak
apiGroup: rbac.authorization.k8s.io

0 comments on commit c68a28d

Please sign in to comment.