apiserver 启动加上--authorization-mode=RBAC 开启rbac
会生成默认role,最高权限位cluster-admin的cluster role
再关闭rbac(不加--authorization-mode=RBAC启动apiserver)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: User
name: 7dd70763-c067-6232-a90b-d6c1a9eef026
绑定给admin用户
再开启, 可以使用admin用户操作