psql (14.2 (Debian 14.2-1.pgdg110+1)) Type "help" for help.
postgres=#
2. 계정 및 권한 확인
- `\du`
postgres=# \du List of roles Role name | Attributes | Member of -----------+------------------------------------------------------------+----------- postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
3. 계정 생성
- `CREATE USER [username] WITH LOGIN PASSWORD '[password]';`
postgres=# CREATE USER whatwant WITH LOGIN PASSWORD 'xxxxxxxx';
CREATE ROLE
postgres=# \du List of roles Role name | Attributes | Member of -----------+------------------------------------------------------------+----------- postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} whatwant | | {}
▶ Attributes of ROLE
- 기본값은 `NO-` 속성들이다.
SUPERUSER or NOSUPERUSER
SUPERUSER 여부
CREATEDB or NOCREATEDB
DATABASE를 만들 수 있는 권한
CREATEROLE or NOCREATEROLE
ROLE을 만들 수 있는 권한
LOGIN or NOLOGIN
LOGIN 허용 여부
INHERIT or NOINHERIT
상속 가능 여부
REPLICATION or NOREPLICATION
복제 권한
BYPASSRLS or NOBYPASSRLS
RLS(Row-Level Security) 무시 여부
PASSWORD [password]
패스워드
VALID UNTIL [timestamp]
패스워드의 유효기간
IN ROLE [role_name] or IN GROUP [role_name]
지정한 ROLE의 구성원으로 포함
ROLE [role_name] or GROUP [role_name]
지정한 ROLE 부여
ADMIN [role_name]
윗 줄의 ROLE 속성 + WITH ADMIN
4. 권한 부여
- DATABASE를 하나 생성하고 그에 따른 권한을 부여해보자
postgres=# CREATE DATABASE my_db WITH OWNER whatwant ENCODING 'UTF8';
CREATE DATABASE
postgres=# GRANT ALL PRIVILEGES ON DATABASE my_db TO whatwant; GRANT
master$ kubectl cluster-info Kubernetes control plane is running at https://127.0.0.1:6443
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
master$ kubectl get nodes NAME STATUS ROLES AGE VERSION node1 Ready control-plane,master 14m v1.20.7 node2 NotReady <none> 13m v1.20.7 node3 NotReady <none> 13m v1.20.7
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.1. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master-stg] and IPs [10.96.0.1 192.168.100.119]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master-stg] and IPs [192.168.100.119 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master-stg] and IPs [192.168.100.119 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 13.002889 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.20" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master-stg as control-plane by adding the labels "node-role.kubernetes.io/master=''" and "node-role.kubernetes.io/control-plane='' (deprecated)"
[mark-control-plane] Marking the node master-stg as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: t4tcwj.22xh9lzstu56qyrb