有很多命名空间,每个命名空间中都会创建 helm 角色来运行 helm。您必须将创建角色权限添加到所有应用程序命名空间中集群中的每个 helm 角色。告诉我该怎么做?
我猜这可以通过
kubectl path role helm -p "набор параметров" -А
但我不确定所有命名空间的标志都适用于此,而且我不明白如何设置一组参数。掌舵角色之一的清单看起来像
kubectl describe role helm -n myapp
Name: helm
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
* [] [] [*]
*.apps [] [] [*]
*.autoscaling [] [] [*]
*.batch [] [] [*]
*.extensions [] [] [*]
*.networking.k8s.io [] [] [*]
rolebindings.rbac.authorization.k8s.io [] [] [get patch]
roles.rbac.authorization.k8s.io [] [] [get patch]
Yaml 看起来像:
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations:
meta.helm.sh/release-name: myapp-develop
meta.helm.sh/release-namespace: myapp-beta
creationTimestamp: "2023-11-17T11:15:45Z"
labels:
app.kubernetes.io/managed-by: Helm
name: helm
namespace: myapp-beta
rules:
- apiGroups:
- ""
- apps
- autoscaling
- batch
- extensions
- networking.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- get
- patch
或者请告诉我如何以不同的方式做到这一点?
使用正则表达式解决了这个问题: kubectl get role -A | grep 舵 | awk '{print " --namespace=" $1}' | xargs -l1 kubectl 补丁角色 helm --patch '{"rules": [{"apiGroups": ["","apps","autoscaling","batch","extensions","networking.k8s.io"] ,"资源": [" "],"动词": [" "]},{"apiGroups": ["rbac.authorization.k8s.io"],"资源": ["角色绑定","角色"] ,"verbs": ["get","patch","create"]}]}'