Exercise 6.3: Working with ServiceAccounts
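# Exercise 6.3 walkthrough: create a ServiceAccount, grant it read access to
# Secrets through RBAC, and compare what a pod can do with and without it.
# Run the steps in order. The `diff <(...)` step needs bash (process substitution).

# List Secrets in the current namespace, then in every namespace.
kubectl get secret
kubectl get secret -A

# Create the ServiceAccount the test pod will run as.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: secret-access
EOF
kubectl get sa secret-access

# Look at the built-in ClusterRoles and compare `admin` with `cluster-admin`
# side by side (-y) to see how much broader cluster-admin is.
kubectl get clusterroles
diff <(kubectl get clusterroles admin -o yaml) <(kubectl get clusterroles cluster-admin -o yaml) -y

# Define a ClusterRole limited to reading Secrets in the core ("") API group.
# `list` returns the full Secret objects, data included, so even this
# read-only role is sensitive and should be bound as narrowly as possible.
cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-access
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
EOF
kubectl get clusterrole secret-access

# Bind the ClusterRole with a RoleBinding, not a ClusterRoleBinding: the
# permissions then apply only inside the namespace where the binding lives.
# The subject carries no `namespace` field, so it is expected to resolve to a
# ServiceAccount in the binding's own namespace.
cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: secret-access
subjects:
- kind: ServiceAccount
  name: secret-access
roleRef:
  kind: ClusterRole
  name: secret-access
  apiGroup: rbac.authorization.k8s.io
EOF
kubectl get rolebindings secret-access

# Optional check from outside the pod (replace <namespace> with the namespace
# you are working in):
#   kubectl auth can-i list secrets -n <namespace> \
#     --as=system:serviceaccount:<namespace>:secret-access

# First attempt: a pod with no serviceAccountName runs as the namespace's
# `default` ServiceAccount. The image has no tag, so it resolves to `latest`;
# outside a lab, pin it to a specific tag or digest.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: kubectl
spec:
  containers:
  - name: kubectl
    image: bitnami/kubectl
    command: [ "sleep" ]
    args: [ "infinity" ]
EOF

# Expected to be refused, assuming the default ServiceAccount has no extra rights.
kubectl exec -it kubectl -- kubectl get secrets

# Inspect the pod to see which ServiceAccount it was given, then remove it.
kubectl get pod kubectl -o yaml
kubectl delete pod kubectl

# Second attempt: the same pod, now running as the secret-access ServiceAccount.
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: kubectl
spec:
  serviceAccountName: secret-access
  containers:
  - name: kubectl
    image: bitnami/kubectl
    command: [ "sleep" ]
    args: [ "infinity" ]
EOF
kubectl get pod kubectl -o yaml | grep -i serviceaccount

# With the RoleBinding in place this request should now be allowed.
kubectl exec -it kubectl -- kubectl get secrets

# Show the token mounted into the pod. It is a bearer credential for the
# ServiceAccount: whoever holds it can make the same API calls, so keep it
# out of terminal recordings, tickets and chat logs.
kubectl exec -it kubectl -- cat /var/run/secrets/kubernetes.io/serviceaccount/token

# Clean up everything the exercise created so the Secret-reading grant does
# not stay behind in the namespace.
{
  kubectl delete pod kubectl
  kubectl delete rolebindings secret-access
  kubectl delete clusterrole secret-access
  kubectl delete sa secret-access
}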