Last active
August 31, 2017 18:09
-
-
Save pwittrock/38cbf06917bdb38ce261d4a54416f665 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export PROJECT="pwittroc-k8s-1148" | |
# Create the service account | |
gcloud iam service-accounts create gcp-controller-sa | |
# Add the roles so the service account and create and get keys for other service accounts | |
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:gcp-controller-sa@$PROJECT.iam.gserviceaccount.com --role roles/iam.serviceAccountKeyAdmin | |
gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:gcp-controller-sa@$PROJECT.iam.gserviceaccount.com --role roles/iam.serviceAccountAdmin | |
# Get the key for the service account and write to the file serviceaccount.json | |
gcloud iam service-accounts keys create serviceaccount-sa.json --iam-account=gcp-controller-sa@$PROJECT.iam.gserviceaccount.com | |
# Upload serviceacocunt.json as a secret in kubernetes | |
kubectl create secret generic gcp-secret-sa --from-file serviceaccount-sa.json | |
# Start the apiserver | |
kubectl apply -f config/apiserver.yaml | |
# Create a secret | |
kubectl create -f sample/gcpserviceaccount.yaml | |
# Log at the controller logs | |
kubectl logs $(kubectl get pods -o name) controller | |
# Look at the gcpserviceaccount | |
kubectl get gcpserviceaccounts -o yaml | |
# Look at the secret | |
kubectl get secret example-gcp-serviceaccount -o yaml | |
# Look at the secret contents of the secret | |
kubectl get secret example-gcp-serviceaccount -o go-template='{{.data}}' | sed 's/map\[serviceaccount.json://g' | sed 's/]//g' | base64 -D | |
echo "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment