访问和身份验证

  • 2021年11月24日
  • 0答复
  • 26观点
r
秩
UserLevel 2
徽章 +4

具有“ Prism Admin”角色的Prism Central(PC)管理员可以完全访问Karbon及其功能。执行大多数KarbonCTL操作都需要管理特权。没有“ Prism Admin”角色(集群管理员和查看器)的PC Admins只能访问Karbon下载Kubeconfig,并且无法执行任何其他管理任务。有关分配角色的步骤,请参见Prism Web控制台指南中的“用户管理”。

Nutanix需要将Karbon用户配置为Prism的目录服务。有关配置目录服务的说明,请参见Prism Web控制台指南中的安全管理。

设置和测试群集后,配置基于角色的访问控制(RBAC),请参见Kubernetes文档以获取参考。

访问锁定节点

Karbon保护群集中的所有节点。您可以使用短暂证书访问Kubernetes群集中的节点,该证书在24小时后到期。执行以下步骤获取证书。

程序

  1. 在簇视图中,选择目标群集。

  2. 点击SSH访问按钮。

  3. 在里面节点SSH访问窗口,单击下载要下载并将SSH访问脚本保存到您的客户端。

ljv8pgbao6LXytckj8LUnwdeVB6HfJzSr_gXvcLSIY5V_2mGF0E234haSBzbquw7ySodDNTKJisKwH2mdipZli8zHwyAiBHo6Nl_dr_jjKJlnalAonLjJ36bFKv-goaBb5Rtz2i9

4.运行以下命令。sh -ssh-access.sh。

5.提示时,请输入群集中任何节点的IP以访问所有节点。Karbon授予用户一个私钥。

6.使用命令行作为Nutanix用户登录到目标节点。



拉阿吉
\u00a0<\/h1>

Prism Central (PC) administrators with the \"Prism Admin '' role have full access to Karbon and its functionalities. Performing most karbonctl operations requires admin privileges. PC admins that do not have the \"Prism Admin '' role (Cluster Admin and Viewer) can only access Karbon to download the kubeconfig and cannot perform any other administrative tasks. See \"User Management\" in the Prism Web Console Guide for steps on assigning roles.<\/span><\/p>

Nutanix requires configuring Karbon users for a directory service in Prism. See Security Management in the Prism Web Console Guide for directions on configuring a directory service.<\/span><\/p>

After setting up and testing your cluster, configure role-based access control (RBAC), see Kubernetes documentation for reference.<\/span><\/p>

\u00a0<\/p>

Accessing Locked nodes<\/span><\/strong><\/p>

Karbon protects all nodes in a cluster. You can access nodes in a Kubernetes cluster using an ephemeral certificate, which expires after 24-hours. Perform the following steps to get a certificate.<\/span><\/p>

\u00a0<\/p>

Procedure<\/p>

  1. \t

    In the Clusters view, select the target cluster.<\/span><\/p>\t<\/li>\t

  2. \t

    Click the<\/span> SSH Access<\/strong> button.<\/span><\/p>\t<\/li>\t

  3. \t

    In the <\/span>Node SSH Access<\/strong> window, click <\/span>Download<\/strong> to download and save the SSH access script to your client.<\/span><\/p>\t<\/li><\/ol>

    \"ljv8pgbao6LXytckj8LUnwdeVB6HfJzSr_gXvcLSIY5V_2mGF0E234haSBzbquw7ySodDNTKJisKwH2mdipZli8zHwyAiBHo6Nl_dr_jjKJlnalAonLjJ36bFKv-goaBb5Rtz2i9\"<\/span><\/p>

    4. Run the following command. sh <cluster_name>-ssh-access.sh.<\/span><\/p>

    5. When prompted, enter the IP of any node in the cluster to get access to all nodes. Karbon grants the user a private key.<\/span><\/p>

    6. Log on to the target node as a Nutanix user using the command line.<\/span><\/p>



    \u00a0<\/p>","quoteUsername":"raaji","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

0答复

做第一个回复的人!

回复


Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu