Creating a ServiceAccount in Kubernetes

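This post describes how to create a Role and a ServiceAccount, bind the ServiceAccount to the Role, and then use the ServiceAccount's token to access kube-dashboard.
The role to be created is named test, and it belongs to the default namespace.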

1. Create a new ServiceAccount

kubectl create sa test -n default

Create the role.yaml file

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: role-test
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Create the role-bind.yaml file

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: role-bind-test
  namespace: default
subjects:
- kind: ServiceAccount
  name: test
  namespace: default
roleRef:
  kind: Role
  name: role-test
  apiGroup: rbac.authorization.k8s.io

Create the Role and the binding

$ kubectl create -f role.yaml
role.rbac.authorization.k8s.io/role-test created

$ kubectl create -f role-bind.yaml
rolebinding.rbac.authorization.k8s.io/role-bind-test created

Get the ServiceAccount's token

$ kubectl get secret -n default | grep test
NAME                   TYPE                                  DATA      AGE
test-token-lmxwb   kubernetes.io/service-account-token   3         1m
$ kubectl get secret test-token-lmxwb -o jsonpath='{.data.token}' -n default | base64 -d

Use the token to access kube-dashboard

Paste the token obtained in the previous step into the [Enter token] text box shown below, then click Sign in.

[Image: login.png]
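The token pasted into the dashboard is a JWT, so before using it you can check which identity it carries and whether it ever expires. The Python below is an added example, not code from the original post; it assumes the legacy Secret-based token layout, and the sample token is constructed (placeholder UID and signature, names taken from this page).

```python
import base64
import json


def b64url(data: bytes) -> str:
    # JWT segments are base64url with the "=" padding stripped.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    # Restore the stripped padding before decoding.
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def review_token(token: str, namespace: str, name: str) -> list:
    """List findings about which identity the token carries and how long it lives."""
    claims = decode_claims(token)
    findings = []
    expected = f"system:serviceaccount:{namespace}:{name}"
    if claims.get("sub") != expected:
        findings.append(f"subject is {claims.get('sub')!r}, expected {expected!r}")
    if "exp" not in claims:
        findings.append("no exp claim: valid until its Secret or ServiceAccount is deleted")
    return findings


# Constructed sample in the legacy Secret-based token layout; the UID and
# signature are placeholders, the other values are the names used on this page.
SAMPLE_CLAIMS = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/secret.name": "test-token-lmxwb",
    "kubernetes.io/serviceaccount/service-account.name": "test",
    "kubernetes.io/serviceaccount/service-account.uid": "00000000-0000-0000-0000-000000000000",
    "sub": "system:serviceaccount:default:test",
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    print(json.dumps(decode_claims(SAMPLE_TOKEN), indent=2))
    for finding in review_token(SAMPLE_TOKEN, "default", "test"):
        print("finding:", finding)
```

To inspect a real token, pass the output of the `kubectl get secret ... | base64 -d` command above to `decode_claims`.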
