Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Configure Kubernetes Service Account
########################################################################################################################
# Create a Service account and link it to the default namespace. #
# For example, we configure azure devops to use a Kubernetes Service Connection with a secret (yaml file) #
########################################################################################################################
# Create service account
kubectl create serviceaccount <service-account-name>
# Get secrets from the created service account
kubectl get serviceaccounts <service-account-name> -o yaml
kubectl get secret <service-account-secret-name> -o yaml
# Give permissions on the default namespace for the service account
## 1 - Create a configuration yaml with the contents:
$yamlFileName = 'kubernetes-security-configuration.yaml'
$yamlConfiguration = '
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: service-role
namespace: default # Should be namespace you are granting access to
rules:
- apiGroups: ["apps"] # "" indicates the core API group
resources: ["services","deployments"]
verbs: ["get", "watch", "list", "create", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: service-rolebinding
namespace: default # Should be namespace you are granting access to
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: service-role # Should match name of Role
subjects:
- namespace: default # Should match namespace where SA lives
kind: ServiceAccount
name: <service-account-name> # Should match service account name, above'
#Create the file physically
New-Item -Path . -Name "$yamlFileName" -ItemType "file" -Value "$yamlConfiguration"
## 2 - Apply configuration
kubectl -f apply .\kubernetes-security-configuration.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment