通过k8s请求selfsubjectrulesreviews查询权限

当前是通过kubelet进行查询

curl --cacert /etc/kubernetes/pki/ca.crt \

--cert /var/lib/kubelet/pki/kubelet-client-current.pem \

--key /var/lib/kubelet/pki/kubelet-client-current.pem \

-d @- \

-H "Content-Type: application/json" \

-H 'Accept: application/json, */*' \

-XPOST https://10.211.55.6:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews <<'EOF'

{

"kind":"SelfSubjectRulesReview",

"apiVersion":"authorization.k8s.io/v1",

"metadata":{

"creationTimestamp":null

"spec":{

"namespace":"default"

"status":{

}

EOF

package mainimport ("context""fmt""os"authorizationv1 "k8s.io/api/authorization/v1"metav1 "k8s.io/apimachinery/pkg/apis/meta/v1""k8s.io/client-go/kubernetes""k8s.io/client-go/tools/clientcmd"
)func main() {// 加载 kubeconfig 文件kubeconfig := os.Getenv("KUBECONFIG")if kubeconfig == "" {kubeconfig = os.Getenv("HOME") + "/.kube/config"}config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)if err != nil {panic(err.Error())}c, err := kubernetes.NewForConfig(config)if err != nil {fmt.Print(err)}sar := &authorizationv1.SelfSubjectRulesReview{Spec: authorizationv1.SelfSubjectRulesReviewSpec{Namespace: "default",},}r, err := c.AuthorizationV1().SelfSubjectRulesReviews().Create(context.TODO(), sar, metav1.CreateOptions{})if err != nil {fmt.Print(err)}println(r)}

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/pingmian/69455.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！