kubevela
/
kubevela.github.io
mirror of https://github.com/kubevela/kubevela.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update basic 

Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
This commit is contained in:
Jianbo Sun 2022-06-13 11:55:00 +08:00
parent 64c79b4f2f
commit b793558ea7
2 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/platform-engineers/auth/basic.md
View File

@ -21,12 +21,11 @@ To enable Authentication & Authorization in your KubeVela system, you need to do
3. Make sure your version Vela CLI v1.4.1+, refer to [the installation guide](../../install#2-install-kubevela-cli).
4. (Optional) Install [vela-prism](https://github.com/kubevela/prism) through running the following commands, which will allow you to enjoy the advanced API extensions in KubeVela.
```bash
helm repo add prism https://charts.kubevela.net/prism
helm repo update
helm install vela-prism prism/vela-prism -n vela-system
```
```bash
helm repo add prism https://charts.kubevela.net/prism
helm repo update
helm install vela-prism prism/vela-prism -n vela-system
```
## Usage
@ -58,9 +57,7 @@ Signed certificate retrieved.
2. Now alice is unabled to do anything in the cluster with the given KubeConfig. We can grant her the privileges of Read/Write resources in the `dev` namespace of the control plane and managed cluster `c2`.
```bash
$ vela auth grant-privileges --user alice --for-namespace dev --for-cluster=local,c2 --create-namespace
ClusterRole kubevela:writer created in local.
RoleBinding dev/kubevela:writer:binding unchanged in local.
$ vela auth grant-privileges --user alice --for-namespace dev --for-cluster=c2 --create-namespace
ClusterRole kubevela:writer created in c2.
RoleBinding dev/kubevela:writer:binding created in c2.
Privileges granted.
@ -85,6 +82,8 @@ User=alice
Verb: get, list, watch, create, update, patch, delete
```
Alice don't have any privilege in local cluster while she have read/write capability in namespace(dev) of cluster(c2).
### Use Privileges
4. Alice can create an application in the dev namespace now. The application can also dispatch resources into the dev namespace of cluster `c2`.
@ -106,7 +105,7 @@ spec:
- type: topology
name: topology
properties:
clusters: ["local", "c2"]
clusters: ["c2"]
EOF
```
@ -136,12 +135,6 @@ Workflow:
Services:
- Name: podinfo
Cluster: local Namespace: dev
Type: webservice
Healthy Ready:1/1
No trait applied
- Name: podinfo
Cluster: c2 Namespace: dev
Type: webservice

BIN
i18n/zh/docusaurus-plugin-content-docs/current/resources/impersonation-arch.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 117 KiB