Posted on: 12/06/2019
Once you create a service account, Kubernetes will automatically create a related secret that will contain the bearer token.
example.yaml
:
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-function-job-create
namespace: kube-system
kubectl create -f example.yaml
and then:
You’ll need jq
installed for the next step.
kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep cloud-function-job-create | awk '{print $1}') -o json | jq -r '.data.token' | base64 -d
Don’t forget you also need to give the service account some permissions. This can be done with a ClusterRoleBinding
for example:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloud-function-job-create
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: cloud-function-job-create
namespace: kube-system
Comments
No comments, yet!
Submit a comment