@PartTimeLegend
Last active January 9, 2023 16:47
k8s namespace, service account, and secret
# On GKE, you need to get RBAC permissions first with:
# kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=<user-name>|--group=<group-name>]
kind: Namespace
apiVersion: v1
metadata:
  name: example
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: example
  namespace: example
---
# Namespaced Role: every rule below applies only inside the "example" namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: example
  namespace: example
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  # pods/exec allows running commands inside any pod in the namespace.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create","delete","get","list","patch","update","watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get","list","watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["watch"]
  # No resourceNames restriction: any Secret in the namespace can be read by name.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get"]
---
# Bind the Role to the ServiceAccount in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example
  namespace: example
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: example
subjects:
  - kind: ServiceAccount
    name: example
---
# Token Secret for the ServiceAccount; the control plane fills in the token data.
apiVersion: v1
kind: Secret
metadata:
  name: example-secret
  namespace: example
  annotations:
    kubernetes.io/service-account.name: example
type: kubernetes.io/service-account-token