feat: improved service_account docs
parent
d33bc4b36b
commit
b8988dcd65
1 changed files with 25 additions and 32 deletions
|
|
@ -1,42 +1,38 @@
|
||||||
# Service Account
|
# Service Account
|
||||||
|
|
||||||
Lets create a service account for ci/cd activities in a new namespace.
|
Let's create a service account for CI/CD activities in a new namespace.
|
||||||
|
|
||||||
## Namespace
|
## Namespace
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
cat <<EOF | kubectl apply -f -
|
|
||||||
---
|
---
|
||||||
apiVersion: "v1"
|
apiVersion: v1
|
||||||
kind: "Namespace"
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: "my-namespace"
|
name: my-namespace
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## ServiceAccount
|
## ServiceAccount
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
cat <<EOF | kubectl apply -f -
|
|
||||||
---
|
---
|
||||||
apiVersion: "v1"
|
apiVersion: v1
|
||||||
kind: "ServiceAccount"
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: "buzz"
|
name: buzz
|
||||||
namespace: "my-namespace"
|
namespace: my-namespace
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Role
|
## Role
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
cat <<EOF | kubectl apply -f -
|
|
||||||
---
|
---
|
||||||
apiVersion: "rbac.authorization.k8s.io/v1"
|
---
|
||||||
kind: "Role"
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
namespace: "my-namespace"
|
namespace: my-namespace
|
||||||
name: "buzz-role"
|
name: buzz-role
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["apps"]
|
- apiGroups: ["apps"]
|
||||||
resources: ["deployments"]
|
resources: ["deployments"]
|
||||||
|
|
@ -47,39 +43,36 @@ rules:
|
||||||
- apiGroups: ["networking.k8s.io"]
|
- apiGroups: ["networking.k8s.io"]
|
||||||
resources: ["ingresses"]
|
resources: ["ingresses"]
|
||||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## RoleBinding
|
## RoleBinding
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
cat <<EOF | kubectl apply -f -
|
|
||||||
---
|
---
|
||||||
apiVersion: "rbac.authorization.k8s.io/v1"
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: "RoleBinding"
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: "buzz-binding"
|
name: buzz-binding
|
||||||
namespace: "my-namespace"
|
namespace: my-namespace
|
||||||
subjects:
|
subjects:
|
||||||
- kind: "ServiceAccount"
|
- kind: ServiceAccount
|
||||||
name: "buzz"
|
name: buzz
|
||||||
namespace: "my-namespace"
|
namespace: my-namespace
|
||||||
roleRef:
|
roleRef:
|
||||||
kind: "Role"
|
kind: Role
|
||||||
name: "buzz-role"
|
name: buzz-role
|
||||||
apiGroup: "rbac.authorization.k8s.io"
|
apiGroup: rbac.authorization.k8s.io
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Token and KubeConfig (OmnI)
|
## Token and KubeConfig (OmnI)
|
||||||
|
|
||||||
Get the token for the user.
|
Get the token for the service account:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
kubectl create token buzz -n my-namespace
|
kubectl create token buzz -n my-namespace
|
||||||
```
|
```
|
||||||
|
|
||||||
When using OmnI you can get the service account details (kubeconfig) using the following command;
|
When using Omni, you can get the service account kubeconfig using:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
omnictl kubeconfig --service-account -c <cluster-name> --user buzz /tmp/buzz-kubeconfig.yaml
|
omnictl kubeconfig --service-account -c <cluster-name> --user buzz /tmp/buzz-kubeconfig.yaml
|
||||||
|
|
|
||||||