通过向 Kubernetes API 提交 SelfSubjectRulesReview 请求,查询当前身份在指定命名空间内的权限。
下面的 curl 示例使用 kubelet 的客户端证书进行查询,因此返回的是节点(kubelet)身份的权限,而不是某个用户的权限。
# Ask the API server which rules apply to the caller in the "default" namespace.
# The request authenticates with the kubelet client certificate (the same .pem
# file is passed as both certificate and key), so the answer describes that
# identity, not a human user.
# NOTE(review): the returned rule list may be partial; check status.incomplete
# and status.evaluationError in the response before treating it as complete.
curl \
  --cacert /etc/kubernetes/pki/ca.crt \
  --cert /var/lib/kubelet/pki/kubelet-client-current.pem \
  --key /var/lib/kubelet/pki/kubelet-client-current.pem \
  --header "Content-Type: application/json" \
  --header 'Accept: application/json, */*' \
  --request POST \
  --data @- \
  https://10.211.55.6:6443/apis/authorization.k8s.io/v1/selfsubjectrulesreviews <<'EOF'
{
"kind":"SelfSubjectRulesReview",
"apiVersion":"authorization.k8s.io/v1",
"metadata":{
"creationTimestamp":null
},
"spec":{
"namespace":"default"
},
"status":{
}
}
EOF
package main
import (
"context"
"fmt"
"os"
authorizationv1 "k8s.io/api/authorization/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
)
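// main submits a SelfSubjectRulesReview for the "default" namespace using the
// identity in the local kubeconfig and prints the rules the API server reports
// for that identity.
func main() {
	// Load the kubeconfig file: $KUBECONFIG if set, otherwise $HOME/.kube/config.
	kubeconfig := os.Getenv("KUBECONFIG")
	if kubeconfig == "" {
		kubeconfig = os.Getenv("HOME") + "/.kube/config"
	}
	config, err := clientcmd.BuildConfigFromFlags("", kubeconfig)
	if err != nil {
		fmt.Fprintf(os.Stderr, "loading kubeconfig %q: %v\n", kubeconfig, err)
		os.Exit(1)
	}

	c, err := kubernetes.NewForConfig(config)
	if err != nil {
		// Stop here: continuing would dereference a nil clientset below.
		fmt.Fprintf(os.Stderr, "building clientset: %v\n", err)
		os.Exit(1)
	}

	sar := &authorizationv1.SelfSubjectRulesReview{
		Spec: authorizationv1.SelfSubjectRulesReviewSpec{
			Namespace: "default",
		},
	}
	r, err := c.AuthorizationV1().SelfSubjectRulesReviews().Create(context.Background(), sar, metav1.CreateOptions{})
	if err != nil {
		// r carries no usable result on error, so report and exit instead of printing it.
		fmt.Fprintf(os.Stderr, "creating SelfSubjectRulesReview: %v\n", err)
		os.Exit(1)
	}

	// Print the rules themselves; the builtin println(r) only emitted the pointer value.
	fmt.Printf("namespace: %s\n", sar.Spec.Namespace)
	for _, rule := range r.Status.ResourceRules {
		fmt.Printf("resource    verbs=%v apiGroups=%v resources=%v resourceNames=%v\n",
			rule.Verbs, rule.APIGroups, rule.Resources, rule.ResourceNames)
	}
	for _, rule := range r.Status.NonResourceRules {
		fmt.Printf("nonResource verbs=%v urls=%v\n", rule.Verbs, rule.NonResourceURLs)
	}

	// The API server may return a partial list; surface that so the output is
	// not mistaken for the complete set of permissions.
	if r.Status.Incomplete {
		fmt.Fprintf(os.Stderr, "warning: rule list is incomplete: %s\n", r.Status.EvaluationError)
	}
}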