Granting a Kubernetes Service Account permissions for Secrets?

前端未结

关注

 2  709

野趣味 2021-02-13 22:32

I have a Service Account which I\'d like to grant permissions to read/write/update/delete Secrets within a specific namespace. I\'m not clear about how exactly Service Accounts,

2条回答

生来不讨喜 (楼主)

2021-02-13 23:14

You need to create Role and Role binding.

Create a role:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 namespace: test
 name: role-test-account
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Create a role binding:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 name: role-test-account-binding
 namespace: test
subjects:
- kind: ServiceAccount
  name: test-account
  namespace: test
roleRef:
 kind: Role
 name: role-test-account
 apiGroup: rbac.authorization.k8s.io

You can read more about using RBAC Authorization

0 讨论(0)

查看其它2个回答