When setting up a production Kubernetes cluster, authentication and authorization are two very important basic requirements.
Authentication methods available in Kubernetes.
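Client certificate authentication
To use this scheme, the api-server must be started with the --client-ca-file=<PATH_TO_CA_CERTIFICATE_FILE> option. CA_CERTIFICATE_FILE must contain one or more certificate authorities that can be used to validate the client certificates presented to the api-server. The /CN of the client certificate is used as the user name.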
Token-based authentication
To use this scheme, the api-server must be started with the --token-auth-file=<PATH_TO_TOKEN_FILE> option. TOKEN_FILE is a csv file in which each user entry has the following format: token,user,userid,group.
The group name is optional.
Example of a token file:
A very simple way to generate tokens is to run the following command:
The challenge with token-based authentication is that tokens never expire, and any change to the token list requires restarting the api-server.
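An added example, not part of the original article: a Python sketch that builds and audits entries in the token,user,userid,group format described above. The 32-character minimum, the sample users and the function names are assumptions; quoting a column that holds several groups follows the Kubernetes static token file convention.

```python
import csv
import io
import secrets

MIN_TOKEN_CHARS = 32  # assumed policy threshold, not a Kubernetes requirement


def new_entry(user, uid, groups=()):
    """Return one CSV row: token,user,userid[,"group1,group2"]."""
    row = [secrets.token_hex(16), user, uid]  # 128 bits from the OS CSPRNG
    if groups:
        row.append(",".join(groups))  # csv quotes the field if it has commas
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow(row)
    return buf.getvalue()


def audit_token_file(text):
    """Return (row_number, problem) findings; token values are never echoed."""
    findings, seen = [], {}
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) < 3 or not all(f.strip() for f in row[:3]):
            findings.append((n, "need token,user,userid"))
            continue
        token, user = row[0], row[1]
        if len(token) < MIN_TOKEN_CHARS:
            findings.append((n, f"short token for user {user}"))
        if token in seen:
            findings.append((n, f"token reused from line {seen[token]}"))
        else:
            seen[token] = n
    return findings


# Constructed sample file; every token and user name here is made up.
SAMPLE = "\n".join([
    new_entry("alice", "1001", ["dev", "ops"]),
    "changeme,bob,1002,dev",
    "changeme,carol,1003",
    "0123456789abcdef0123456789abcdef,dave",
]) + "\n"

if __name__ == "__main__":
    for line_no, problem in audit_token_file(SAMPLE):
        print(f"line {line_no}: {problem}")
```

Because tokens in this file never expire, running an audit like this before each api-server restart catches weak or shared tokens before they go live.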
Basic authentication
To use this scheme, the api-server must be started with the --basic-auth-file=<PATH_TO_HTTP_AUTH> option. HTTP_AUTH_FILE is a csv file in which each user entry has the following format: password,user name,userid. Currently, any change to AUTH_FILE requires restarting the api-server.
Open ID
Open ID support is also available, but it is still experimental.
Keystone
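Keystone support is also available, but it is still experimental. If you want to integrate keystone with LDAP or an Active Directory service, use the keystone authentication method. To use this scheme, the api-server must be started with the --experimental-keystone-url=<KEYSTONE_URL> option.
Once authentication succeeds, the next step is to determine which operations the authenticated user is allowed to perform. Kubernetes currently supports 4 authorization policy schemes. The api-server must be started with the --authorization-mode=<AUTHORIZATION_POLICY_NAME> option to enable one.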