Configure Kubernetes Service Account
########################################################################################################################
# Create a Service account and link it to the default namespace. #
# For example, we configure Azure DevOps to use a Kubernetes Service Connection with a secret (YAML file) #
########################################################################################################################
# Create service account
kubectl create serviceaccount <service-account-name>
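# Get secrets from the created service account
# (Kubernetes 1.24+ no longer auto-creates a token Secret for a service account;
#  create one explicitly or request a short-lived token with `kubectl create token`)
kubectl get serviceaccounts <service-account-name> -o yaml
kubectl get secret <service-account-secret-name> -o yaml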
# Give permissions on the default namespace for the service account
## 1 - Create a configuration yaml with the contents:
$yamlFileName = 'kubernetes-security-configuration.yaml'
$yamlConfiguration = '
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: service-role
  namespace: default # Should be namespace you are granting access to
rules:
- apiGroups: [""] # "" indicates the core API group, where services live
  resources: ["services"]
  verbs: ["get", "watch", "list", "create", "update"]
- apiGroups: ["apps"] # deployments live in the apps API group
  resources: ["deployments"]
  verbs: ["get", "watch", "list", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: service-rolebinding
  namespace: default # Should be namespace you are granting access to
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: service-role # Should match name of Role
subjects:
- namespace: default # Should match namespace where SA lives
  kind: ServiceAccount
  name: <service-account-name> # Should match service account name, above'
# Write the file to disk
New-Item -Path . -Name "$yamlFileName" -ItemType "file" -Value "$yamlConfiguration"
## 2 - Apply configuration
kubectl apply -f .\kubernetes-security-configuration.yaml
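
To confirm that the Role and RoleBinding grant what was intended and nothing more, the following added PowerShell example (not part of the original gist) impersonates the service account with `kubectl auth can-i` and compares each answer with the expected one. The function name and the sample account name `my-service-account` are assumptions, and the caller needs impersonation rights on the cluster.

```powershell
# Added example: verify the effective permissions of the service account.
# Test-ServiceAccountAccess and 'my-service-account' are hypothetical names.
function Test-ServiceAccountAccess {
    param(
        [Parameter(Mandatory)] [string] $ServiceAccount,
        [string] $Namespace = 'default'
    )
    # Identity the API server sees for a service account token
    $subject = "system:serviceaccount:${Namespace}:${ServiceAccount}"

    # Grants expected from service-role (services: core group, deployments: apps group)
    $checks = @()
    foreach ($resource in 'services', 'deployments.apps') {
        foreach ($verb in 'get', 'watch', 'list', 'create', 'update') {
            $checks += [pscustomobject]@{ Verb = $verb; Resource = $resource; Expected = 'yes' }
        }
    }
    # Actions the Role does not list and that should therefore be denied
    foreach ($denied in @(
            @{ Verb = 'delete'; Resource = 'deployments.apps' },
            @{ Verb = 'get';    Resource = 'secrets' },
            @{ Verb = 'create'; Resource = 'rolebindings.rbac.authorization.k8s.io' }
        )) {
        $checks += [pscustomobject]@{ Verb = $denied.Verb; Resource = $denied.Resource; Expected = 'no' }
    }

    foreach ($check in $checks) {
        # "kubectl auth can-i" prints yes or no for the impersonated subject
        $answer = kubectl auth can-i $check.Verb $check.Resource --as $subject -n $Namespace 2>$null |
            Select-Object -First 1
        $actual = "$answer".Trim()
        [pscustomobject]@{
            Verb     = $check.Verb
            Resource = $check.Resource
            Expected = $check.Expected
            Actual   = $actual
            Ok       = ($actual -eq $check.Expected)
        }
    }
}

# Any row with Ok = False means the Role grants too little or too much
Test-ServiceAccountAccess -ServiceAccount 'my-service-account' | Format-Table -AutoSize
```

A `no` for `services` while `deployments.apps` returns `yes` usually means the rule names the wrong API group for that resource.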