解决了

碳存储类用户

  • 2019年8月26日
  • 5回复
  • 2314的浏览量
W
我正在尝试使用Karbon配置一个新的Kubernetes集群。当进入配置存储类阶段时,系统会提示输入用户名和密码。我不确定我应该在这里输入哪个用户,因为我已经尝试了几个似乎不工作。集群设置教程视频显示了用户名“admin”,这似乎建议使用一个非常高的特权用户,这对我来说似乎没有必要。如何创建具有存储类所需的最小权限的用户?
图标

最佳答案vshuguet2019年8月27日18:35

@wfhartford<\/user-mention> ,
\n
\nThe long term solution (no dates\/times, as all of those things changes) is to bring the Volumes API, which is what the CSI driver uses to provision a PVC, up to Prism Central level, and add RBAC to that.
\n
\nUntil that happen, we're using what is available on PE, which in this case is Cluster Admin.","className":"post__content__best_answer"}">
查看原始
本主题已关闭供评论

5回复

JoseNutanix
排名
Userlevel 4
徽章 +5
您需要一个在Prism元素级别上具有集群管理角色的用户。根据您将用于存储的PE集群,您将需要一个用户。
Jose Gomez |技术营销工程师| jose.gomez@nutanix.com | @pipoe2h
W
那么存储类的最低特权用户就可以完全控制集群?这对我来说似乎有点安全风险,是否计划引入更细粒度的安全控制,以使一个受损的容器不会导致攻击者接管整个集群?
vshuguet
排名
Userlevel 1
徽章 + 4
你好 @wfhartford

长期的解决方案(没有日期/时间,因为所有这些都改变了)是引入Volumes API,这是CSI驱动程序用来提供PVC的API,直到Prism Central级别,并向其添加RBAC。

在此之前,我们使用PE上可用的资源,在本例中是Cluster Admin。
产品经理-碳簇和Kubernetes @ Nutanix
@wfhartford<\/user-mention> ,
\n
\nThe long term solution (no dates\/times, as all of those things changes) is to bring the Volumes API, which is what the CSI driver uses to provision a PVC, up to Prism Central level, and add RBAC to that.
\n
\nUntil that happen, we're using what is available on PE, which in this case is Cluster Admin.","quoteUsername":"vshuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
W
好吧,很高兴知道你们有计划了。我是nutanix的新手,所以不同类型的用户和使用它们的地方有点令人困惑。不过,听起来事情正在朝着正确的方向发展。

谢谢
\n
\nThanks","quoteUsername":"wfhartford","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
vshuguet
排名
Userlevel 1
徽章 + 4
PE (Prism Element)是我们的单集群管理平面。这是我们几年前开始的地方,但它在角色/RBAC特性方面也受到了限制。

PC (Prism Central),我们的多集群管理平面,是我们所有管理功能转移的地方,也是我们所有新产品集成的地方。它具有高级的RBAC功能。

目前的情况是由于移动功能的过渡时期,过去生活在PE,到PC。
产品经理-碳簇和Kubernetes @ Nutanix
\n
\nPC (Prism Central), our multi-cluster management plane, is where we're moving all of our management features and also where all of our new products integrate. It has advanced RBAC capabilities.
\n
\nThe current situation is born because of that transition period of moving functionalities that used to live in PE, up to PC.","quoteUsername":"vshuguet","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu