Add mysql cluster operator and rbac in sample
This commit is contained in:
parent
e7e44fdee3
commit
e103078eab
GPG Key ID:
3C7CF22A05D95490
15
mysql/mysql-cluster.yaml
Normal file
15
mysql/mysql-cluster.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: mysql
|
||||
---
|
||||
apiVersion: mysql.oracle.com/v2alpha1
|
||||
kind: InnoDBCluster
|
||||
metadata:
|
||||
name: mysql-cluster
|
||||
namespace: mysql
|
||||
spec:
|
||||
secretName: mysql-secret
|
||||
instances: 3
|
||||
router:
|
||||
instances: 1
|
||||
1
rbac/.gitignore
vendored
Normal file
1
rbac/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
developer-user.yaml
|
||||
74
rbac/README.md
Normal file
74
rbac/README.md
Normal file
@ -0,0 +1,74 @@
|
||||
# Create RBAC for specific namespace
|
||||
|
||||
- Apply RBAC for specific namespace
|
||||
|
||||
```shell
|
||||
k apply -f access.yaml
|
||||
```
|
||||
|
||||
- Get Details of RBAC
|
||||
|
||||
```shell
|
||||
k describe sa developer -n developer-dev
|
||||
```
|
||||
|
||||
- Get Token from RBAC
|
||||
|
||||
```shell
|
||||
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
|
||||
```
|
||||
|
||||
- Get Certificate from RBAC
|
||||
|
||||
```shell
|
||||
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
|
||||
```
|
||||
|
||||
- Create kube config file
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Config
|
||||
preferences: {}
|
||||
cluster:
|
||||
certificate-authority-data: PLACE CERTIFICATE HERE
|
||||
server: https://YOUR_KUBERNETES_API_ENDPOINT
|
||||
name: developer-cluster
|
||||
|
||||
users:
|
||||
- name: developer
|
||||
user:
|
||||
as-user-extra: {}
|
||||
client-key-data: PLACE CERTIFICATE HERE
|
||||
token: PLACE USER TOKEN HERE
|
||||
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
namespace: developer-dev
|
||||
user: developer
|
||||
name: developer-dev
|
||||
|
||||
current-context: developer-dev
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: PLACE CERTIFICATE HERE
|
||||
server: https://YOUR_KUBERNETES_API_ENDPOINT
|
||||
name: developer-cluster
|
||||
|
||||
users:
|
||||
- name: developer
|
||||
user:
|
||||
as-user-extra: {}
|
||||
client-key-data: PLACE CERTIFICATE HERE
|
||||
token: PLACE USER TOKEN HERE
|
||||
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
namespace: developer-dev
|
||||
user: developer
|
||||
name: developer-dev
|
||||
|
||||
current-context: developer-dev
|
||||
```
|
||||
43
rbac/access.yaml
Normal file
43
rbac/access.yaml
Normal file
@ -0,0 +1,43 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
app: developer-dev
|
||||
name: developer-dev
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: developer
|
||||
namespace: developer-dev
|
||||
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: developer-full-access
|
||||
namespace: developer-dev
|
||||
rules:
|
||||
- apiGroups: ["", "extensions", "apps"]
|
||||
resources: ["*"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: ["batch"]
|
||||
resources:
|
||||
- jobs
|
||||
- cronjobs
|
||||
verbs: ["*"]
|
||||
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: developer-view
|
||||
namespace: developer-dev
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: developer
|
||||
namespace: developer-dev
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: developer-full-access
|
||||
Loading…
Reference in New Issue
Block a user