mirror of
https://github.com/kubesphere/website.git
synced 2025-12-26 00:12:48 +00:00
KubeSphere CI Bot
GitHub
commit
61de78d790
|
|
@ -132,19 +132,22 @@ Generally, there is always a LoadBalancer solution in the public cloud, and the
|
|||
|
||||
{{< tab "No LoadBalancer available in your cluster" >}}
|
||||
|
||||
1. If you cannot see a corresponding address displayed (`EXTERNAL-IP` is `pending`), you need to manually set the proxy address. For example, you have an available public IP address `139.198.120.120`, and port `8080` of **this IP address has been forwarded to port** `30721` of the cluster. Execute the following command to check the service.
|
||||
```
|
||||
1. Run the following command to check the service:
|
||||
|
||||
```shell
|
||||
kubectl -n kubesphere-system get svc
|
||||
```
|
||||
|
||||
The output is similar to this:
|
||||
In this sample, `NodePort` is `30721`.
|
||||
```
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
tower LoadBalancer 10.233.63.191 <pending> 8080:30721/TCP 16h
|
||||
```
|
||||
|
||||
2. Add the value of `proxyPublishAddress` to the configuration file of `ks-installer` and provide the public IP address (`139.198.120.120` in this tutorial) and port number as follows.
|
||||
2. If `EXTERNAL-IP` is `pending`, you need to manually set the proxy address. For example, if your public IP address is `139.198.120.120`, you need to expose port (for example, `8080`) of this public IP address to <NodeIP>:<NodePort>.
|
||||
|
||||
3. Add the value of `proxyPublishAddress` to the configuration file of `ks-installer` and provide the public IP address (`139.198.120.120` in this tutorial) and port number as follows.
|
||||
|
||||
- Option A - Use the web console:
|
||||
|
||||
|
|
@ -164,7 +167,7 @@ Generally, there is always a LoadBalancer solution in the public cloud, and the
|
|||
proxyPublishAddress: http://139.198.120.120:8080 # Add this line to set the address to access tower
|
||||
```
|
||||
|
||||
3. Save the configuration and wait for a while, or you can manually restart `ks-apiserver` to make the change effective immediately using the following command.
|
||||
4. Save the configuration and wait for a while, or you can manually restart `ks-apiserver` to make the change effective immediately using the following command.
|
||||
|
||||
```shell
|
||||
kubectl -n kubesphere-system rollout restart deployment ks-apiserver
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ linkTitle: "Create Workspaces, Projects, Users and Roles"
|
|||
weight: 2300
|
||||
---
|
||||
|
||||
This quickstart demonstrates how to create workspaces, roles and user accounts which are required for other tutorials. Meanwhile, you will learn how to create projects and DevOps projects within your workspace where your workloads are running. After this tutorial, you will become familiar with the multi-tenant management system of KubeSphere.
|
||||
This quickstart demonstrates how to create workspaces, roles and users which are required for other tutorials. Meanwhile, you will learn how to create projects and DevOps projects within your workspace where your workloads are running. After reading this tutorial, you will become familiar with the multi-tenant management system of KubeSphere.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
|
@ -24,15 +24,15 @@ You can create multiple workspaces within a KubeSphere cluster. Under each works
|
|||
|
||||
### Step 1: Create a user
|
||||
|
||||
After KubeSphere is installed, you need to add different users with varied roles to the platform so that they can work at different levels on various resources. Initially, you only have one default user, which is `admin`, granted the role `platform-admin`. In the first step, you create a user `user-manager` and further create more users as `user-manager`.
|
||||
After KubeSphere is installed, you need to add different users with varied roles to the platform so that they can work at different levels on various resources. Initially, you only have one default user, which is `admin`, granted the role `platform-admin`. In the first step, you create a sample user `user-manager` and further create more users as `user-manager`.
|
||||
|
||||
1. Log in to the web console as `admin` with the default account and password (`admin/P@88w0rd`).
|
||||
1. Log in to the web console as `admin` with the default user and password (`admin/P@88w0rd`).
|
||||
|
||||
{{< notice tip >}}
|
||||
For account security, it is highly recommended that you change your password the first time you log in to the console. To change your password, select **User Settings** in the drop-down list in the upper-right corner. In **Password Settings**, set a new password. You also can change the console language in **User Settings**.
|
||||
{{</ notice >}}
|
||||
|
||||
2. Click **Platform** in the upper-left corner, and then select **Access Control**. In the left nevigation pane, select **Platform Roles**. There are four built-in roles as shown in the following table.
|
||||
2. Click **Platform** in the upper-left corner, and then select **Access Control**. In the left nevigation pane, select **Platform Roles**. There are four built-in roles, as shown in the following table.
|
||||
|
||||
<table>
|
||||
<tbody>
|
||||
|
|
@ -64,22 +64,23 @@ After KubeSphere is installed, you need to add different users with varied roles
|
|||
Built-in roles are created automatically by KubeSphere and cannot be edited or deleted.
|
||||
{{</ notice >}}
|
||||
|
||||
3. In **Users**, click **Create**. In the displayed dialog box, provide all the necessary information (marked with *) and select `users-manager` for **Role**. Refer to the following image as an example.
|
||||
3. In **Users**, click **Create**. In the displayed dialog box, provide all the necessary information (marked with *) and select `users-manager` for **Platform Role**.
|
||||
|
||||
Click **OK** after you finish. The new account will display on the **Users** page.
|
||||
Click **OK** after you finish. The new user will display on the **Users** page.
|
||||
|
||||
4. Log out of the console and log back in with the account `user-manager` to create four accounts that will be used in other tutorials.
|
||||
4. Log out of the console and log back in with user `user-manager` to create four users that will be used in other tutorials.
|
||||
|
||||
{{< notice tip >}}
|
||||
To log out, click your username in the upper-right corner and select **Log Out**.
|
||||
- To log out, click your username in the upper-right corner and select **Log Out**.
|
||||
- The following usernames are for example only. You can change them as needed.
|
||||
{{</ notice >}}
|
||||
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th width='140'>Account</th>
|
||||
<th width='160'>Role</th>
|
||||
<th>Description</th>
|
||||
<th width='140'>User</th>
|
||||
<th width='180'>Assigned Platform Role</th>
|
||||
<th>User Permissions</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ws-manager</code></td>
|
||||
|
|
@ -89,28 +90,28 @@ After KubeSphere is installed, you need to add different users with varied roles
|
|||
<tr>
|
||||
<td><code>ws-admin</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
<td>Manage all resources in a specified workspace (This account is used to invite new members to a workspace in this example).</td>
|
||||
<td>Manage all resources in a workspace after being invited to the workspace (This user is used to invite new members to a workspace in this example).</td>
|
||||
</tr><tr>
|
||||
<td><code>project-admin</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
<td>Create and manage projects and DevOps projects, and invite new members into the projects.</td>
|
||||
<td>Create and manage projects and DevOps projects, and invite new members to the projects.</td>
|
||||
</tr><tr>
|
||||
<td><code>project-regular</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
<td><code>project-regular</code> will be invited to a project or DevOps project by <code>project-admin</code>. This account will be used to create workloads, pipelines and other resources in a specified project.</td>
|
||||
<td><code>project-regular</code> will be invited to a project or DevOps project by <code>project-admin</code>. This user will be used to create workloads, pipelines and other resources in a specified project.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
5. Verify the four accounts created.
|
||||
5. On **Users** page, verify the four users created.
|
||||
|
||||
### Step 2: Create a workspace
|
||||
|
||||
In this step, you create a workspace using the account `ws-manager` created in the previous step. As the basic logic unit for the management of projects, DevOps projects and organization members, workspaces underpin the multi-tenant system of KubeSphere.
|
||||
In this step, you create a workspace using user `ws-manager` created in the previous step. As the basic logic unit for the management of projects, DevOps projects and organization members, workspaces underpin the multi-tenant system of KubeSphere.
|
||||
|
||||
1. Log in to KubeSphere as `ws-manager` which has the permission to manage all workspaces on the platform. Click **Platform** in the upper-left corner and select **Access Control**. In **Workspaces**, you can see there is only one default workspace `system-workspace`, where system-related components and services run. You are not allowed to delete this workspace.
|
||||
1. Log in to KubeSphere as `ws-manager`. Click **Platform** in the upper-left corner and select **Access Control**. In **Workspaces**, you can see there is only one default workspace `system-workspace`, where system-related components and services run. Deleting this workspace is not allowed.
|
||||
|
||||
2. Click **Create** on the right, set a name for the new workspace (for example, `demo-workspace`) and set the user `ws-admin` as the workspace manager. Click **Create** after you finish.
|
||||
2. Click **Create** on the right, set a name for the new workspace (for example, `demo-workspace`) and set user `ws-admin` as the workspace manager. Click **Create** after you finish.
|
||||
|
||||
{{< notice note >}}
|
||||
|
||||
|
|
@ -131,46 +132,46 @@ The actual role name follows a naming convention: `<workspace name>-<role name>`
|
|||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th width='150'>Account</th>
|
||||
<th width='150'>Role</th>
|
||||
<th>Description</th>
|
||||
<th width='150'>User</th>
|
||||
<th width='200'>Assigned Workspace Role</th>
|
||||
<th>Role Permissions</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ws-admin</code></td>
|
||||
<td><code>workspace-admin</code></td>
|
||||
<td>Manage all resources under the workspace (use this account to invite new members to the workspace).</td>
|
||||
<td><code>demo-workspace-admin</code></td>
|
||||
<td>Manage all resources under the workspace (use this user to invite new members to the workspace).</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>project-admin</code></td>
|
||||
<td><code>workspace-self-provisioner</code></td>
|
||||
<td><code>demo-workspace-self-provisioner</code></td>
|
||||
<td>Create and manage projects and DevOps projects, and invite new members to join the projects.</td>
|
||||
</tr><tr>
|
||||
<td><code>project-regular</code></td>
|
||||
<td><code>workspace-viewer</code></td>
|
||||
<td><code>project-regular</code> will be invited by <code>project-admin</code> to join a project or DevOps project. The account can be used to create workloads, pipelines, etc.</td>
|
||||
<td><code>demo-workspace-viewer</code></td>
|
||||
<td><code>project-regular</code> will be invited by <code>project-admin</code> to join a project or DevOps project. The user can be used to create workloads, pipelines, etc.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
### Step 3: Create a project
|
||||
|
||||
In this step, you create a project using the account `project-admin` created in the previous step. A project in KubeSphere is the same as a namespace in Kubernetes, which provides virtual isolation for resources. For more information, see [Namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
|
||||
In this step, you create a project using user `project-admin` created in the previous step. A project in KubeSphere is the same as a namespace in Kubernetes, which provides virtual isolation for resources. For more information, see [Namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/).
|
||||
|
||||
1. Log in to KubeSphere as `project-admin`. In **Projects**, click **Create**.
|
||||
|
||||
2. Enter the project name (for example, `demo-project`) and click **OK** to finish. You can also add an alias and description for the project.
|
||||
2. Enter the project name (for example, `demo-project`) and click **OK**. You can also add an alias and description for the project.
|
||||
|
||||
3. In **Projects**, click the project created just now to view its detailed information.
|
||||
|
||||
4. On the **Overview** page of the project, the project quota remains unset by default. You can click **Edit Quotas** and specify [resource requests and limits](../../workspace-administration/project-quotas/) as needed (for example, 1 core for CPU and 1000Gi for memory).
|
||||
|
||||
5. Invite `project-regular` to this project and grant this user the role `operator`.
|
||||
5. Invite `project-regular` to this project and grant this user role `operator`.
|
||||
|
||||
{{< notice info >}}
|
||||
The user granted the role `operator` is a project maintainer who can manage resources other than users and roles in the project.
|
||||
The user granted role `operator` is a project maintainer who can manage resources other than users and roles in the project.
|
||||
{{</ notice >}}
|
||||
|
||||
6. Before creating a [Route](../../project-user-guide/application-workloads/routes/) which is [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) in Kubernetes, you need to enable a gateway for this project. The gateway is an [NGINX Ingress controller](https://github.com/kubernetes/ingress-nginx) running in the project. To set a gateway, go to **Gateway Settings** in **Project Settings** and click **Enable Gateway**. The account `project-admin` is still used in this step.
|
||||
6. Before creating a [Route](../../project-user-guide/application-workloads/routes/) which is [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) in Kubernetes, you need to enable a gateway for this project. The gateway is an [NGINX Ingress controller](https://github.com/kubernetes/ingress-nginx) running in the project. To set a gateway, go to **Gateway Settings** in **Project Settings** and click **Enable Gateway**. User `project-admin` is still used in this step.
|
||||
|
||||
7. Select the access method **NodePort** and click **OK**.
|
||||
|
||||
|
|
@ -207,7 +208,7 @@ After you finish the above steps, you know that users can be granted different r
|
|||
{{< notice note >}}
|
||||
|
||||
* In this example, the role `clusters-admin` contains the permissions **Cluster Management** and **Cluster Viewing**.
|
||||
* Some permissions depend on other permissions. The dependency is specified by the **Depends on** field under each permission.
|
||||
* Some permissions are interdependent. The dependency is specified by the **Depends on** field under each permission.
|
||||
* When a permission is selected, the permission it depends on is automatically selected.
|
||||
* To deselect a permission, you need to deselect its subordinate permissions first.
|
||||
|
||||
|
|
@ -215,7 +216,7 @@ After you finish the above steps, you know that users can be granted different r
|
|||
|
||||
5. On the **Platform Roles** page, you can click the name of the created role to view the role details and click <img src="/images/docs/quickstart/create-workspaces-projects-accounts/operation-icon.png" width="20px" align="center"> to edit the role, edit the role permissions, or delete the role.
|
||||
|
||||
6. On the **Users** page, you can assign the role to an account when you create an account or edit an existing account.
|
||||
6. On the **Users** page, you can assign the role to a user when you create a user or edit an existing user.
|
||||
|
||||
|
||||
### Step 5: Create a DevOps project (Optional)
|
||||
|
|
@ -232,6 +233,6 @@ To create a DevOps project, you must install the KubeSphere DevOps system in adv
|
|||
|
||||
3. In **DevOps Projects**, click the project created just now to view its detailed information.
|
||||
|
||||
4. Go to **Project Management** and select **Project Members**. Click **Invite** to grant `project-regular` the role of `operator`, who is allowed to create pipelines and credentials.
|
||||
4. Go to **Project Management** and select **Project Members**. Click **Invite** to invite user `project-regular` and grant the role `operator`, who is allowed to create pipelines and credentials.
|
||||
|
||||
You are now familiar with the multi-tenant management system of KubeSphere. In other tutorials, the account `project-regular` will also be used to demonstrate how to create applications and resources in a project or DevOps project.
|
||||
You are now familiar with the multi-tenant management system of KubeSphere. In other tutorials, user `project-regular` will also be used to demonstrate how to create applications and resources in a project or DevOps project.
|
||||
|
|
|
|||
|
|
@ -128,19 +128,21 @@ tower LoadBalancer 10.233.63.191 139.198.110.23 8080:30721/TCP
|
|||
|
||||
{{< tab "集群中没有可用的 LoadBalancer" >}}
|
||||
|
||||
1. 如果在 Tower 服务下没有显示相应的地址(`EXTERNAL-IP` 处于 `pending` 状态),则需要手动设置代理地址。例如,您有一个可用的公有 IP 地址 `139.198.120.120`,并且**此 IP 地址的端口** `8080` **被转发到集群的端口** `30721`。执行以下命令来检查服务。
|
||||
1. 执行以下命令来检查服务。
|
||||
|
||||
```shell
|
||||
kubectl -n kubesphere-system get svc
|
||||
```
|
||||
|
||||
命令输出结果可能如下所示:
|
||||
命令输出结果可能如下所示。在此示例中,可以看出 `NodePort` 为 `30721`:
|
||||
```
|
||||
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
tower LoadBalancer 10.233.63.191 <pending> 8080:30721/TCP 16h
|
||||
```
|
||||
|
||||
2. 将 `proxyPublishAddress` 的值添加到 `ks-installer` 的配置文件中,并按如下所示输入公有 IP 地址(此处示例 `139.198.120.120`)和端口号。
|
||||
2. 由于 `EXTERNAL-IP` 处于 `pending` 状态,您需要手动设置代理地址。例如,如果您的公有 IP 地址为 `139.198.120.120`,则需要将公网 IP 的端口,如`8080` 转发到 `NodeIP`:`NodePort`。
|
||||
|
||||
3. 将 `proxyPublishAddress` 的值添加到 `ks-installer` 的配置文件中,并按如下所示输入公有 IP 地址(此处示例 `139.198.120.120`)和端口号。
|
||||
|
||||
- 选项 A - 使用 Web 控制台:
|
||||
|
||||
|
|
@ -160,7 +162,7 @@ tower LoadBalancer 10.233.63.191 139.198.110.23 8080:30721/TCP
|
|||
proxyPublishAddress: http://139.198.120.120:8080 # Add this line to set the address to access tower
|
||||
```
|
||||
|
||||
3. 保存配置并稍等片刻,或者您可以运行以下命令手动重启 `ks-apiserver` 使修改立即生效。
|
||||
4. 保存配置并稍等片刻,或者您可以运行以下命令手动重启 `ks-apiserver` 使修改立即生效。
|
||||
|
||||
```shell
|
||||
kubectl -n kubesphere-system rollout restart deployment ks-apiserver
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
|
||||
### 步骤 1:创建用户
|
||||
|
||||
安装 KubeSphere 之后,您需要向平台添加具有不同角色的用户,以便他们可以针对自己授权的资源在不同的层级进行工作。一开始,系统默认只有一个用户 `admin`,具有 `platform-admin` 角色。在本步骤中,您将创建一个用户 `user-manager`,然后使用 `user-manager` 创建新用户。
|
||||
安装 KubeSphere 之后,您需要向平台添加具有不同角色的用户,以便他们可以针对自己授权的资源在不同的层级进行工作。一开始,系统默认只有一个用户 `admin`,具有 `platform-admin` 角色。在本步骤中,您将创建一个示例用户 `user-manager`,然后使用 `user-manager` 创建新用户。
|
||||
|
||||
1. 以 `admin` 身份使用默认帐户和密码 (`admin/P@88w0rd`) 登录 Web 控制台。
|
||||
|
||||
|
|
@ -64,22 +64,23 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
内置角色由 KubeSphere 自动创建,无法编辑或删除。
|
||||
{{</ notice >}}
|
||||
|
||||
3. 在**用户**中,点击**创建**。在弹出的对话框中,提供所有必要信息(带有*标记),然后在**角色**一栏选择 `users-manager`。请参考下图示例。
|
||||
3. 在**用户**中,点击**创建**。在弹出的对话框中,提供所有必要信息(带有*标记),然后在**平台角色**一栏选择 `users-manager`。
|
||||
|
||||
完成后,点击**确定**。新创建的帐户将显示在**用户**中的帐户列表中。
|
||||
完成后,点击**确定**。新创建的用户将显示在**用户**页面。。
|
||||
|
||||
4. 切换帐户使用 `user-manager` 重新登录,创建如下四个新帐户,这些帐户将在其他的教程中使用。
|
||||
4. 切换用户使用 `user-manager` 重新登录,创建如下四个新用户,这些用户将在其他的教程中使用。
|
||||
|
||||
{{< notice tip >}}
|
||||
帐户登出请点击右上角的用户名,然后选择**登出**。
|
||||
- 帐户登出请点击右上角的用户名,然后选择**登出**。
|
||||
- 下面仅为示例用户名,请根据实际情况修改。
|
||||
{{</ notice >}}
|
||||
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th width='140'>帐户</th>
|
||||
<th width='160'>角色</th>
|
||||
<th>描述</th>
|
||||
<th width='140'>用户</th>
|
||||
<th> 指定的平台角色</th>
|
||||
<th width='300'>用户权限</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ws-manager</code></td>
|
||||
|
|
@ -89,7 +90,7 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
<tr>
|
||||
<td><code>ws-admin</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
<td>管理指定企业空间中的所有资源(在此示例中,此帐户用于邀请新成员加入该企业空间)。</td>
|
||||
<td>被邀请到企业空间后,管理该企业空间中的所有资源(在此示例中,此用户用于邀请新成员加入该企业空间)。</td>
|
||||
</tr><tr>
|
||||
<td><code>project-admin</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
|
|
@ -97,19 +98,19 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
</tr><tr>
|
||||
<td><code>project-regular</code></td>
|
||||
<td><code>platform-regular</code></td>
|
||||
<td><code>project-regular</code> 将由 <code>project-admin</code> 邀请至项目或 DevOps 项目。该帐户将用于在指定项目中创建工作负载、流水线和其他资源。</td>
|
||||
<td><code>project-regular</code> 将由 <code>project-admin</code> 邀请至项目或 DevOps 项目。该用户将用于在指定项目中创建工作负载、流水线和其他资源。</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
5. 查看创建的四个帐户。
|
||||
5. 在**用户**页面,查看创建的四个用户。
|
||||
|
||||
|
||||
### 步骤 2:创建企业空间
|
||||
|
||||
在本步骤中,您需要使用上一个步骤中创建的帐户 `ws-manager` 创建一个企业空间。作为管理项目、DevOps 项目和组织成员的基本逻辑单元,企业空间是 KubeSphere 多租户系统的基础。
|
||||
在本步骤中,您需要使用上一个步骤中创建的用户 `ws-manager` 创建一个企业空间。作为管理项目、DevOps 项目和组织成员的基本逻辑单元,企业空间是 KubeSphere 多租户系统的基础。
|
||||
|
||||
1. 以 `ws-manager` 身份登录 KubeSphere,它具有管理平台上所有企业空间的权限。点击左上角的**平台管理**,选择**访问控制**。在**企业空间**中,可以看到仅列出了一个默认企业空间 `system-workspace`,即系统企业空间,其中运行着与系统相关的组件和服务,您无法删除该企业空间。
|
||||
1. 以 `ws-manager` 身份登录 KubeSphere。点击左上角的**平台管理**,选择**访问控制**。在**企业空间**中,可以看到仅列出了一个默认企业空间 `system-workspace`,即系统企业空间,其中运行着与系统相关的组件和服务,您无法删除该企业空间。
|
||||
|
||||
2. 点击右侧的**创建**,将新企业空间命名为 `demo-workspace`,并将用户 `ws-admin` 设置为企业空间管理员。完成后,点击**创建**。
|
||||
|
||||
|
|
@ -121,34 +122,34 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
|
||||
3. 登出控制台,然后以 `ws-admin` 身份重新登录。在**企业空间设置**中,选择**企业空间成员**,然后点击**邀请**。
|
||||
|
||||
4. 邀请 `project-admin` 和 `project-regular` 进入企业空间,分别授予 `workspace-self-provisioner` 和 `workspace-viewer` 角色,点击**确定**。
|
||||
4. 邀请 `project-admin` 和 `project-regular` 进入企业空间,分别授予 `demo-workspace-self-provisioner` 和 `demo-workspace-viewer` 角色,点击**确定**。
|
||||
|
||||
{{< notice note >}}
|
||||
实际角色名称的格式:`<workspace name>-<role name>`。例如,在名为 `demo-workspace` 的企业空间中,角色 `viewer` 的实际角色名称为 `demo-workspace-viewer`。
|
||||
{{</ notice >}}
|
||||
|
||||
5. 将 `project-admin` 和 `project-regular` 都添加到企业空间后,点击**确定**。在**企业空间**中,您可以看到列出的三名成员。
|
||||
5. 将 `project-admin` 和 `project-regular` 都添加到企业空间后,点击**确定**。在**企业空间成员**中,您可以看到列出的三名成员。
|
||||
|
||||
<table>
|
||||
<tbody>
|
||||
<tr>
|
||||
<th width='150'>帐户</th>
|
||||
<th width='150'>角色</th>
|
||||
<th>描述</th>
|
||||
<th width='150'>用户</th>
|
||||
<th width='150'>分配的企业空间角色</th>
|
||||
<th>角色权限</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>ws-admin</code></td>
|
||||
<td><code>workspace-admin</code></td>
|
||||
<td>管理指定企业空间中的所有资源(在此示例中,此帐户用于邀请新成员加入企业空间)。</td>
|
||||
<td><code>demo-workspace-admin</code></td>
|
||||
<td>管理指定企业空间中的所有资源(在此示例中,此用户用于邀请新成员加入企业空间)。</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><code>project-admin</code></td>
|
||||
<td><code>workspace-self-provisioner</code></td>
|
||||
<td><code>demo-workspace-self-provisioner</code></td>
|
||||
<td>创建和管理项目以及 DevOps 项目,并邀请新成员加入项目。</td>
|
||||
</tr><tr>
|
||||
<td><code>project-regular</code></td>
|
||||
<td><code>workspace-viewer</code></td>
|
||||
<td><code>project-regular</code> 将由 <code>project-admin</code> 邀请至项目或 DevOps 项目。该帐户将用于在指定项目中创建工作负载、流水线和其他资源。</td>
|
||||
<td><code>demo-workspace-viewer</code></td>
|
||||
<td><code>project-regular</code> 将由 <code>project-admin</code> 邀请至项目或 DevOps 项目。该用户将用于在指定项目中创建工作负载、流水线和其他资源。</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
@ -159,7 +160,7 @@ KubeSphere 的多租户系统分**三个**层级,即集群、企业空间和
|
|||
|
||||
1. 以 `project-admin` 身份登录 KubeSphere Web 控制台,在**项目**中,点击**创建**。
|
||||
|
||||
2. 输入项目名称(例如 `demo-project`),然后点击**确定**完成,您还可以为项目添加别名和描述。
|
||||
2. 输入项目名称(例如 `demo-project`),点击**确定**。您还可以为项目添加别名和描述。
|
||||
|
||||
3. 在**项目**中,点击刚创建的项目查看其详情页面。
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue