tk/Ocelot
1
0
Fork 0
mirror of https://github.com/nsnail/Ocelot.git synced 2025-04-22 06:22:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update kubernetes.rst

Browse Source
This commit is contained in:
geffzhang 2019-05-13 13:05:12 +08:00 committed by GitHub
parent d43383ba8d
commit 5cf873eb52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/features/kubernetes.rst
View File

@ -14,7 +14,7 @@ Then add the following to your ConfigureServices method.
s.AddOcelot() s.AddOcelot()
.AddKubernetes(); .AddKubernetes();
If you have services deployed in kubernetes you will normally use the naming service to access them. If you have services deployed in kubernetes you will normally use the naming service to access them. Default usePodServiceAccount = True, which means that ServiceAccount using Pod to access the service of the k8s cluster needs to be ServiceAccount based on RABC authorization
.. code-block::csharp .. code-block::csharp
public static class OcelotBuilderExtensions public static class OcelotBuilderExtensions
@ -22,15 +22,11 @@ If you have services deployed in kubernetes you will normally use the naming ser
public static IOcelotBuilder AddKubernetes(this IOcelotBuilder builder, bool usePodServiceAccount = true); public static IOcelotBuilder AddKubernetes(this IOcelotBuilder builder, bool usePodServiceAccount = true);
} }
Default usePodServiceAccount = True, which means that ServiceAccount using Pod to access the service of the k8s cluster needs to be ServiceAccount based on RABC authorization, you can replicate a Permissive. Using RBAC role bindings. You can replicate a Permissive. Using RBAC role bindings.
`Permissive RBAC Permissions <https://kubernetes.io/docs/reference/access-authn-authz/rbac/#permissive-rbac-permissions>`, k8s api server and token will read from pod . `Permissive RBAC Permissions <https://kubernetes.io/docs/reference/access-authn-authz/rbac/#permissive-rbac-permissions>`_, k8s api server and token will read from pod .
.. code-block::json .. code-block::json
kubectl create clusterrolebinding permissive-binding \ kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
--clusterrole=cluster-admin \
--user=admin \
--user=kubelet \
--group=system:serviceaccounts
The following example shows how to set up a ReRoute that will work in kubernetes. The most important thing is the ServiceName which is made up of the The following example shows how to set up a ReRoute that will work in kubernetes. The most important thing is the ServiceName which is made up of the
kubernetes service name. We also need to set up the ServiceDiscoveryProvider in GlobalConfiguration. The example here shows a typical configuration. kubernetes service name. We also need to set up the ServiceDiscoveryProvider in GlobalConfiguration. The example here shows a typical configuration.