First, switch to root (so that no permission problems come up).

```shell
aws configure
```
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: wlstmd:readonly
rules:
- apiGroups:
  - '*'          # pods live in the core API group, so "" would scope this more tightly than '*'
  resources:
  - 'pods'
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: readonly-role
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: wlstmd:readonly
subjects:
- kind: Group
  name: wlstmd:readonly   # the group name that aws-auth mapRoles will hand out
  apiGroup: rbac.authorization.k8s.io
```
```shell
kubectl apply -f rbac.yaml
```
```shell
kubectl get configmaps aws-auth -n kube-system -o yaml > aws-auth.yaml
```
```shell
BASTION_ROLE_ARN=$(aws iam list-roles --query "Roles[?RoleName=='bastion-role'].Arn" --output text)
```
```shell
# Insert the entry directly under "mapRoles: |"; the block scalar needs the
# 4-space (list item) / 6-space (fields) indentation or the ConfigMap no longer parses.
awk -v arn="$BASTION_ROLE_ARN" '/mapRoles: \|/ { print; print "    - groups:\n      - wlstmd:readonly\n      rolearn: " arn "\n      username: readonly-role"; next }1' aws-auth.yaml > tmpfile && mv tmpfile aws-auth.yaml
```
```shell
kubectl apply -f aws-auth.yaml --force
```
Remove the root credentials you entered earlier.

```shell
rm -rf ~/.aws/*
```
Admin Setting
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: wlstmd:admin
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'          # every verb on every resource: the built-in cluster-admin minus nonResourceURLs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: wlstmd:admin
subjects:
- kind: Group
  name: wlstmd:admin
  apiGroup: rbac.authorization.k8s.io
```
```shell
kubectl apply -f admin-rbac.yaml
```
```shell
kubectl get configmaps aws-auth -n kube-system -o yaml > aws-auth.yaml
```
```shell
BASTION_ROLE_ARN=$(aws iam list-roles --query "Roles[?RoleName=='bastion-role'].Arn" --output text)
```
```shell
# Same insert as for the read-only group; the indentation inside the block scalar must be kept.
awk -v arn="$BASTION_ROLE_ARN" '/mapRoles: \|/ { print; print "    - groups:\n      - wlstmd:admin\n      rolearn: " arn "\n      username: admin"; next }1' aws-auth.yaml > tmpfile && mv tmpfile aws-auth.yaml
```
```shell
kubectl apply -f aws-auth.yaml --force
```
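Both awk one-liners (the read-only and the admin mapping) edit the exported aws-auth file the same way, so here is the same step as a reusable function. This is an added example, not code from the original post: it keeps the indentation the `mapRoles: |` block scalar needs, refuses to add a role ARN that is already mapped (a duplicate entry is how a second, unintended group gets attached to the same role), and ships with a constructed sample ConfigMap so it can be tried offline. The function names, the sample account id and the `eks-node-role` ARN are assumptions.

```shell
# add_map_role FILE GROUP ROLE_ARN USERNAME
# Inserts one entry at the top of the mapRoles block scalar of an exported
# aws-auth ConfigMap, with the 4/6-space indentation that "mapRoles: |"
# requires, and does nothing if ROLE_ARN is already mapped.
add_map_role() {
  file=$1 group=$2 arn=$3 user=$4
  grep -q 'mapRoles: |' "$file" || { echo "no mapRoles block in $file" >&2; return 1; }
  if grep -qF -- "rolearn: $arn" "$file"; then
    echo "$arn is already mapped; $file left unchanged" >&2
    return 0
  fi
  awk -v grp="$group" -v arn="$arn" -v user="$user" '
    /mapRoles: [|]/ {
      print
      print "    - groups:"
      print "      - " grp
      print "      rolearn: " arn
      print "      username: " user
      next
    }
    { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# count_map_role FILE ROLE_ARN: number of mapRoles entries for ROLE_ARN (0 if none).
count_map_role() {
  grep -cF -- "rolearn: $2" "$1" || true
}

# Constructed sample of an exported aws-auth ConfigMap (not from a real cluster),
# used to exercise the function offline.
write_sample_aws_auth() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - groups:
      - system:bootstrappers
      - system:nodes
      rolearn: arn:aws:iam::111122223333:role/eks-node-role
      username: system:node:{{EC2PrivateDNSName}}
EOF
}

# Against the file exported in the procedure above (hypothetical usage):
#   add_map_role aws-auth.yaml wlstmd:readonly "$BASTION_ROLE_ARN" readonly-role
#   add_map_role aws-auth.yaml wlstmd:admin    "$BASTION_ROLE_ARN" admin
```

`kubectl apply --dry-run=client -f aws-auth.yaml` rejects the file before anything reaches the cluster if the inserted block broke the YAML, and after the apply `kubectl auth can-i delete pods --as readonly-role --as-group wlstmd:readonly` should answer `no`.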
Remove the root credentials you entered earlier.

```shell
rm -rf ~/.aws/*
```